Add policy to enforce MFA for specific users using a lambda, group or other mechanism

[mangeshparanjape]

It’s not possible to enforce MFA for certain group of users. Currently It can only be controlled at the Tenant and Application levels

Description

Currently It is not possible to enforce MFA at User level using API. We are looking for a functionality to enforce MFA from backend or when opted in to Turn MFA on by users themselves, Users will be prompted to setup MFA during hosted login workflow.

So the workflow would be:

1. MFA is enforced from our application backend for certain users or turned on by Users themselves from our application - user preference screen
2. User logs in using hosted login workflow
3. Before redirecting back to application after successful login, if MFA is activated for User, will be redirected to the QR code page (Oauth two-factor enable page in the theme) where user can configure Google Authenticator and setup two factor.
4. validate with code from authenticator and continue

Related

• Allow an application to require two factor authentication #763
• [Category] MFA #960
• Option to make two factor authentication mandatory #1637
• Add MFA lambda #2309