Hello,
We would like to configure a default MFA authenticator factor (exemple : code send via email) the first time a user access the portal and after that a mandatory factor (exemple : OTP from an app or Yubikey), becasue we force a user to enroll a MFA factor like OTP or Yubikey (more secure than a code send via email) when he log in to the portal.
An exemple for our use case: the first time the user access to the portal he have to enter the login and password, then the code send via email and if it's OK, we force the user to enroll a MFA factor like an OTP app or a Yuibiky. After that, when the user access to the portal (to change his password for exemple), he a to enter his login and password and then use the MFA factor (OTP app or Yubikey) and not have the ability to send a code via email.
Regards,
Jonathan