However, if a user has not yet already registered for the MFA, we need the ability to allow the user to configure the MFA. Can you please help us understand:
how can we check if the user is enabled for MFA or not
how can we allow the user to register for MFA post login, if he/she has not yet configured?
You can check the event.user.multifactor property to see if the user has MFA enrolled. If so, you should see an array of the MFA factors currently enrolled.
You can check if the user has any MFA factors currently enrolled. If the user has no MFA factors enrolled then allow the user to enroll MFA.
For example: