We’re working on integrating our system with Auth0, and our design makes use of the organizations feature. I was wondering if there was a way to limit which MFA factors an organization could have available. I know that the Actions api object allows us to set the mfa provider, but that doesn’t really do what I’m looking for.
Setting the provider to ‘guardian’ would allow the user to use Push, SMS, or OTP.
What I am hoping for is a way to control whether they can use SMS on a per organization basis. The reasoning is that SMS costs us on our Twilio account, so we want to only opt in specific customers.
Is there a way to do this, or plans to implement something similar?