@joseantonio.rey Thanks for the reply. I have seen the document and created a rule
with below script as in the documentation
function (user, context, callback) {
//var CLIENTS_WITH_MFA = [‘REPLACE_WITH_YOUR_CLIENT_ID’];
// run only for the specified applications
// if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) {
// uncomment the following if clause in case you want to request a second factor only from user’s that have user_metadata.use_mfa === true
if (user.user_metadata && user.user_metadata.use_mfa){
context.multifactor = {
provider: ‘any’,
allowRememberBrowser: false
};
// }
//}
callback(null, user, context);
}
and for one user i have added metadata as use_mfa === true but i see mfa is enabled for everyone