We currently have SMS set up as a 2FA. But some of our users are having issues (no phone I guess) and we want to enable email as 2FA. (Yes we realize it isn’t consider true 2fA, oh well)
Under Security/MFA we have “email” enabled. Require MFA is set to never. Show MFA options is enabled. Then we have a post-login trigger that essentially does “api.multifactor.enable(‘any’, { allowRememberBrowser: true });”
When the user creates an account they are asked to verify the email. They then verify the email and then they are asked to enter a phone number to get an sms.
How can we set this second one up to select email or sms?