Problem statement
How to enable MFA for only one application in the tenant?
Solution
You can selectively enforce MFA using Rules for a single application.
Here is a sample rule that will allow you to enforce MFA authentication against a specific client application:
However, the preferred method of implementation would be to use Actions. In particular, you would need to create a custom Login flow:
Depending on your requirements, you may need to reference:
- the event.client and event.authentication properties of the Event Object
- the api.multifactor and api.multifactor.enable(provider, options) properties of the API Object
This community post gives the solution.