Updated EA notices and added missing Customize MFA sections

main/docs/authenticate/passwordless/implement-login/embedded-login/native.mdx

@@ -1040,7 +1040,7 @@ If you prefer, you can use the Android or iOS SDKs, which wrap this APIs in a pl
 ## Customize MFA with Embedded
 
 <Warning>
-Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
 </Warning>
 
 Customize <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> with embedded flows. Use the MFA API to allow users to enroll and challenge with factors of their choice that are supported by your application.

main/docs/authenticate/passwordless/implement-login/embedded-login/relevant-api-endpoints.mdx

@@ -128,7 +128,7 @@ For a complete explanation, read [Avoid Common Issues with Resource Owner Passwo
 ## Customize MFA
 
 <Warning>
-Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
 </Warning>
 
 Customize <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> with the Passwordless API. When your application calls `/oauth/token` endpoint to request an access token, the <Tooltip tip="Authorization Server: Centralized server that contributes to defining the boundaries of a user’s access. For example, your authorization server can control the data, tasks, and features available to a user." cta="View Glossary" href="/docs/glossary?term=authorization+server">authorization server</Tooltip> returns an `mfa_required` error which provides:

main/docs/authenticate/passwordless/implement-login/embedded-login/spa.mdx

@@ -33,7 +33,7 @@ For security purposes, your app's origin URL must be listed as an approved URL.
 ## Customize MFA
 
 <Warning>
-Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
 </Warning>
 
 Customize <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> with embedded flows. Use the MFA API to allow users to enroll and challenge with factors of their choice that are supported by your application.

main/docs/authenticate/passwordless/implement-login/embedded-login/webapps.mdx

@@ -1066,7 +1066,7 @@ The `/passwordless/start` endpoint has a [rate limit](/docs/troubleshoot/custome
 ## Customize MFA
 
 <Warning>
-Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](https://support.auth0.com/).
 </Warning>
 
 Customize <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=MFA">MFA</Tooltip> with embedded flows. Use the MFA API to allow users to enroll and challenge with factors of their choice that are supported by your application.

main/docs/customize/actions/transaction-metadata.mdx

@@ -10,11 +10,9 @@ title: Actions Transaction Metadata
  login and post-login Actions.
 'twitter:title': Actions Transaction Metadata
 ---
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
-
-Actions Transaction Metadata is currently in Early Access. To learn more, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
-
-</Callout>
+<Warning>
+Actions Transaction Metadata is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
 
 Actions Transaction Metadata stores, accesses, and/or shares, custom metadata within a [post-login](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger) Action for the duration of a transaction.
 

main/docs/get-started/auth0-teams/configure-security-policies.mdx

@@ -8,11 +8,9 @@ title: Configure Security Policies
 'twitter:description': Configure the security policies associated with an Auth0 Team.
 'twitter:title': Configure Security Policies
 ---
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
-
-This feature is offered as Early Access to Public Cloud Enterprise tenants and as a Beta release to Private Cloud Enterprise tenants.
-
-</Callout>
+<Warning>
+This feature is offered as Early Access to Public Cloud Enterprise tenants and as a Beta release to Private Cloud Enterprise tenants. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
 
 Security policies allow [team owners](/docs/get-started/auth0-teams/team-member-management) to configure and implement authentication rules that adhere to your organization's IT security policies for access to infrastructure systems or applications.
 

main/docs/get-started/auth0-teams/tenant-management.mdx

@@ -109,7 +109,7 @@ If these conditions are met, the tenant will show up as a possible option to lin
 
 ## Create new tenant
 
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
+<Warning>
 
 This feature is currently available for the following Team Subscription types:
 
@@ -119,7 +119,8 @@ This feature is currently available for the following Team Subscription types:
 * B2B - Professional
 * Enterprise Private Cloud
 
-</Callout>
+By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/).
+</Warning>
 
 Team Owners can create a tenant from within the Teams Dashboard, automatically linking the created tenant with the team, including associating the Team Subscription details (available features and quota limits) with the newly created tenant.
 

main/docs/secure/mdl-verification/configure-mdl-verification-request.mdx

@@ -10,11 +10,9 @@ title: Configure Mobile Driver’s License Verification Presentation Request
  Credentials such as Mobile Driver's Licenses.
 'twitter:title': Configure Mobile Driver’s License Verification Presentation Request
 ---
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
-
-Auth0’s Mobile Driver's License Verification Service is in Early Access. To enable this feature, review and complete the [Terms and Conditions form](https://forms.gle/47YuFPkhh3RZVvt76), and our team will be in contact with you. To learn more about Auth0’s release stages, read Product Release Stages.
-
-</Callout>
+<Warning>
+Auth0’s Mobile Driver's License Verification Service is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
 
 Auth0’s Mobile Driver's License Verification Service allows you to initiate a verification request for a user’s Mobile Driver’s License (mDL) to validate mDL claims, such as age and country of residence. mDL verification is useful for a variety of use cases, such as allowing end users to rent cars or access age-restricted products.
 

main/docs/secure/mdl-verification/create-mdl-api.mdx

@@ -14,11 +14,9 @@ import {AuthCodeBlock} from "/snippets/AuthCodeBlock.jsx";
 
 import {AuthCodeGroup} from "/snippets/AuthCodeGroup.jsx";
 
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
-
-Auth0’s Mobile Driver's License Verification Service is in Early Access. To enable this feature, review and complete the [Terms and Conditions form](https://forms.gle/47YuFPkhh3RZVvt76), and our team will be in contact with you. To learn more about Auth0’s release stages, read Product Release Stages.
-
-</Callout>
+<Warning>
+Auth0’s Mobile Driver's License Verification Service is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
 
 The Mobile Driver's License Verification API is a system API for customers to initiate a verification request for a user’s Mobile Driver’s License (mDL).
 

main/docs/secure/mdl-verification/mdl-conditional-check.mdx

@@ -10,11 +10,9 @@ title: Mobile Driver's License Conditional Verification Check
  Driver's License Verification Service.
 'twitter:title': Mobile Driver's License Conditional Verification Check
 ---
-<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
-
-Auth0’s Mobile Driver's License Verification Service is in Early Access. To enable this feature, review and complete the [Terms and Conditions form](https://forms.gle/47YuFPkhh3RZVvt76), and our team will be in contact with you. To learn more about Auth0’s release stages, read Product Release Stages.
-
-</Callout>
+<Warning>
+Auth0’s Mobile Driver's License Verification Service is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
 
 Auth0 supports verification of user's Mobile Driver’s Licenses (mDL) based on Annex A of the [ISO/IEC TS 18013-7:2024](https://www.iso.org/standard/82772.html) standard. mDL verification allows customers to validate sensitive information or personally identifying information (PII) about a user, such as birthdate or country of residence. A conditional check may be required during a transaction.
 

main/docs/secure/mdl-verification/mdl-verification-api.mdx

@@ -8,6 +8,11 @@ title: Mobile Driver's License Verification API
 'twitter:description': Describes the Mobile Driver's License Verification API.
 'twitter:title': Mobile Driver's License Verification API
 ---
+
+<Warning>
+Auth0’s Mobile Driver's License Verification Service is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
+</Warning>
+
 This API facilitates interactions with a digital wallet for mDL verifiable credentials, following Annex A of the [ISO/IEC TS 18013-7:2024](https://www.iso.org/standard/82772.html) standard (REST API). The purpose of this API is to simplify credential exchange as much as possible. It achieves this by abstracting and managing the trust relationship with credential issuers and implementing the complex protocol that verifies and communicates with a compliant wallet.
 
 The primary function is to initiate and manage verifications and report their status to the requesting party. This allows the complex interactions between reader and wallet to be abstracted from the act of verifying a document. The reader (website) initiates a verification, and the Mobile Driver's License Verification API responds with a Verification ID and an engagement URI for communication with the wallet.  The reader can then begin polling the API for receiving claims. This API exclusively uses `application/json` for request and response bodies.

main/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa.mdx

@@ -479,6 +479,59 @@ See the links below to implement this flow depending on the authentication facto
 
 **Code validation rate limiting**: Unsuccessful user validation attempts are rate limited using a bucket algorithm. The bucket starts with 10 attempts and refreshes at a rate of 1 attempt per 6 minutes.
 
+## Customize MFA
+
+<Warning>
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](support.auth0.com).
+</Warning>
+
+Customize your MFA flows with the MFA API. With the MFA API, you can allow your users to enroll and challenge with a specific choice of factors your application supports.
+
+When MFA is enabled with the Resource Owner Password Flow to authenticate, call to the `/oauth/token endpoint` to request an access token. The authorization server returns an `mfa_required` error which provides:
+
+* The `mfa_token` you need to call the MFA API for enrollment and challenges.
+* The `mfa_requirements` parameter, which provides the type of factor your application supports for challenges.
+
+```json
+{
+ "error": "mfa_required",
+ "error_description": "Multifactor authentication required",
+ "mfa_token": "Fe26...Ha",
+ "mfa_requirements": {
+ "challenge": [
+ { "type": "otp" },
+ { "type": "push-notification" },
+ { "type": "phone" },
+ { "type": "recovery-code" }
+ ]
+ }
+}
+```
+
+Use the `mfa_token` to call the [`mfa/authenticator endpoint`](/docs/api/authentication/muti-factor-authentication/list-authenticators) to list all factors the user has enrolled and match the same type your application supports. You also need to obtain the matching `authenticator_type` to issue challenges:
+
+```json
+[
+ {
+ "type": "recovery-code",
+ "id": "recovery-code|dev_qpOkGUOxBpw6R16t",
+ "authenticator_type": "recovery-code",
+ "active": true
+ },
+ {
+ "type": "otp",
+ "id": "totp|dev_6NWz8awwC8brh2dN",
+ "authenticator_type": "otp",
+ "active": true
+ }
+]
+```
+
+Enforce the MFA challenge by calling the [`request/mfa/challenge`](/docs/api/authentication/muti-factor-authentication/request-mfa-challenge) endpoint.
+
+Further customize your MFA flow with Auth0 Actions. To learn more, read [Actions Triggers: post-challenge - API Object](/docs/customize/actions/explore-triggers/password-reset-triggers/post-challenge-trigger/post-challenge-api-object).
+
+
 ## Learn more
 
 * [Enroll and Challenge SMS and Voice Authenticators](/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-challenge-sms-voice-authenticators)

main/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-email-authenticators.mdx

@@ -1106,6 +1106,56 @@ If the call was successful, you'll receive a response in the format below, conta
 }
 ```
 
+## Customize MFA
+
+<Warning>
+Customizable MFA with the Resource Owner Password Grant, Embedded, or Refresh Token flows is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages). To participate in the early access, contact [Auth0 Support](support.auth0.com).
+</Warning>
+
+Customizable MFA allows users to enroll and challenge with factors of their choice that are supported by your application.
+
+During authentication at the `oauth/token` endpoint, the response returns the `mfa_required` error that includes the `mfa_token` to use the MFA API and the `mfa_requirements` parameter with a list of authenticators:
+
+```json
+{
+ "error": "mfa_required",
+ "error_description": "Multifactor authentication required",
+ "mfa_token": "Fe26...Ha",
+ "mfa_requirements": {
+ "challenge": [
+ { "type": "otp" },
+ { "type": "push-notification" },
+ { "type": "phone" },
+ { "type": "recovery-code" }
+ { "type": "email"} //can only work with challenge
+ ]
+ }
+}
+```
+
+Use the `mfa_token` to call the [`mfa/authenticator`](/docs/api/authentication/muti-factor-authentication/list-authenticators) endpoint for a list of all factors the user has enrolled and match the same type your application supports. You also need to obtain the matching `authenticator_type` to issue challenges:
+
+```json
+[
+ {
+ "type": "recovery-code",
+ "id": "recovery-code|dev_qpOkGUOxBpw6R16t",
+ "authenticator_type": "recovery-code",
+ "active": true
+ },
+ {
+ "type": "otp",
+ "id": "totp|dev_6NWz8awwC8brh2dN",
+ "authenticator_type": "otp",
+ "active": true
+ }
+]
+```
+
+Enforce the MFA challenge by calling the [`request/mfa/challenge`](/docs/api/authentication/muti-factor-authentication/request-mfa-challenge) endpoint.
+
+Further customize your MFA flow with Auth0 Actions. To learn more, read [Actions Triggers: post-challenge - API Object](/docs/customize/actions/explore-triggers/password-reset-triggers/post-challenge-trigger/post-challenge-api-object).
+
 ## Learn more
 
 * [Manage Authentication Factors with Authentication API](/docs/secure/multi-factor-authentication/manage-mfa-auth0-apis/manage-authenticator-factors-mfa-api)