Enforce MFA factor type based on user Role

I have two roles, roleA and roleB

I want to enforce roleA to use SMS while roleB uses OTP.

The documents specify that you can enforce a challenge using api.authentication.challengeWith however this requires the user to be already enrolled. If I don’t force the challenge, roleB will be able to enrol with SMS.

How can I specify which factors are allowed for each user?

Was this written by AI?

All I see about ‘Guardian’ is regarding push notificaitons and don’t see anything about MFA