> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Describes how to configure email as an MFA factor for users who don't have their primary factor available.

# Configure Email Notifications for MFA

Use email as a <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=multi-factor+authentication">multi-factor authentication</Tooltip> (MFA) factor to provide users a way to perform MFA when they don't have their primary factor available (e.g. they don't have their device to receive an SMS or push notification).

<Card title="Availability varies by login implementation">
  The login implementation you use affects whether this feature is available. To learn more, read [Universal Login vs. Classic Login](/docs/authenticate/login/auth0-universal-login/universal-login-vs-classic-login).
</Card>

Email is not true MFA because it does not represent a different factor than the password. It does not represent **something I have** or **something I am**, but rather just **something I know** (the email password). It is also weaker than other factors in that it's only as secure as the email itself (for example, encrypted end-to-end).

Users do not need to explicitly enroll with email MFA. They can use it when they have a verified email. This happens when they:

* Complete the email verification flow which updates the `email_verified` field using the <Tooltip tip="Management API: A product to allow customers to perform administrative tasks." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip>.
* Log in with a connection that provides verified emails (such as Google).

You can only enable email as an MFA factor if there is already another factor enabled.

Once Email MFA is enabled, users will be prompted to complete MFA with another enabled factor. If they select **Try another method**, and then pick **Email**, they will be sent an email with a 6-digit code that they will need to enter to complete the authentication flow.

## Configure email notifications

You can explicitly enroll email for MFA using the [MFA API](/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-email-authenticators). If users have a verified email and one or more explicitly enrolled emails, they can choose to select which email they want to use to complete MFA when logging-in using <Tooltip tip="Universal Login: Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity." cta="View Glossary" href="/docs/glossary?term=Universal+Login">Universal Login</Tooltip>.

1. Go to [Dashboard > Security > Multi-factor Auth](https://manage.auth0.com/#/multifactor-auth) and enable the **Email** toggle.
   You will only be able to enable it if there is another factor enabled.
2. Auth0 provides a test email provider but it only allows a limited amount of emails, so you should configure your own email provider. To learn more, read [Configure External SMTP Email Providers](/docs/customize/email/smtp-email-providers).

## Learn more

* [Enroll and Challenge Email Authenticators](/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-email-authenticators)
* [Customize Emails](/docs/customize/email)
* [Customize Email Templates](/docs/customize/email/email-templates)
* [Customize Email Handling](/docs/customize/email/manage-email-flow)
* [Configure External SMTP Email Providers](/docs/customize/email/smtp-email-providers)
* [Configure Custom External SMTP Email Provider](/docs/customize/email/smtp-email-providers/configure-custom-external-smtp-email-provider)