I have two roles, roleA and roleB
I want to enforce roleA to use SMS while roleB uses OTP.
The documents specify that you can enforce a challenge using api.authentication.challengeWith
however this requires the user to be already enrolled. If I don’t force the challenge, roleB will be able to enrol with SMS.
How can I specify which factors are allowed for each user?