Feature: Some users should have restricted MFA options.
Description: I should be able to, with a combination of actions, options, and user management API calls have more control over the MFA enrollment experience per-user.
Use-case: There are certain users with higher privileges, and who have been given a FIDO2 key that they are by policy required to use for the application. We were there to enroll those users and ensure compliance at setup, but it would have saved everybody’s time if we were able to put a piece of data on that user record that restricted valid MFA enrollments to FIDO2 key (and webAuthn biometrics as backup).