The issue is that this will pick one of the providers and not let the user decide which one they want to use, which is the case when I don’t enable it via a rule as I have that option enabled.
Is there a way to force 2fa via rule but let the user pick the provider instead?
First, let me clarify that the api.multifactor.enable() method is actually meant for Actions and not Rules. See this reference for clarity.
Yes, to do so you will need to go to your Auth0 Dashabord > Security > Multi-factor Auth and scroll to the bottom of the page to enable the Show Multif-factor Authentication Options feature: