Hey again!
Sorry that I have missed that part. Just to understand what you are talking about. If a user who is already enrolled for OTP wants to enroll for another factor, do you wish to skip the part where the user is challenged for the 2nd factor during enrollment?
Or do you wish to allow users to enroll to a 2nd factor while they are logged in without having them log out and back in so that the process is triggered by the PostLogin Action?
If that is the case, this can be quite hard to accomplish, and would require you to build your own UI to handle the behaviour. You can read more about that in our documentation here:
Otherwise, if you are talking about having the MFA trigger on all of their respective logins:
Enrollment and challenging an MFA factor are two distinct operations. Due to that fact, after the user enrolls to the factors on their initial login, on their next one they will be asked to complete the MFA challenge and check the “Remember Browser for 30 days”.
After a user has been challenged and they tick that box on the respective login, any other logins on the respective device will not prompt the MFA to be triggered even if the action would challenge them to do so.
An alternative approach to this would be to set inside the metadata the specific time when they have completed the MFA challenge and trigger it again after a specific time frame (14 days/60 days/90 days).
Kind Regards,
Nik
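
Added example, not part of the original reply or the vendor's code: a sketch of the metadata-timestamp approach described above, in which the PostLogin Action records when MFA was last completed and challenges again once that record is older than a chosen window. The `event` and `api` shapes are assumed to follow the Auth0 Actions PostLogin interface; the `last_mfa_at` key, the 14-day window and the extra `nowMs` parameter are hypothetical choices for illustration.

```javascript
// Added example. MFA_KEY and MAX_AGE_DAYS are hypothetical, not from the thread.
const MFA_KEY = "last_mfa_at";   // kept in app_metadata, which the end user cannot edit
const MAX_AGE_DAYS = 14;         // one of the time frames mentioned in the reply
const DAY_MS = 24 * 60 * 60 * 1000;

// True when the stored timestamp is missing, malformed, in the future or too old.
// Anything that cannot be trusted counts as expired, so the check fails closed.
function mfaExpired(lastMfaIso, nowMs, maxAgeDays) {
  const last = Date.parse(lastMfaIso);
  if (Number.isNaN(last) || last > nowMs) return true;
  return nowMs - last > maxAgeDays * DAY_MS;
}

// Most recent MFA completion reported for the current session, or null.
function latestMfa(event) {
  const methods = (event.authentication && event.authentication.methods) || [];
  const times = methods
    .filter((m) => m.name === "mfa")
    .map((m) => Date.parse(m.timestamp))
    .filter((t) => !Number.isNaN(t));
  return times.length ? new Date(Math.max(...times)).toISOString() : null;
}

// In an Action this would be assigned to exports.onExecutePostLogin.
// nowMs is injectable only so the logic can be exercised with a fixed clock.
function onExecutePostLogin(event, api, nowMs = Date.now()) {
  let last = (event.user.app_metadata || {})[MFA_KEY];
  const seen = latestMfa(event);

  // Persist a completed challenge if it is newer than what is stored.
  if (seen && !(Date.parse(last) >= Date.parse(seen))) {
    api.user.setAppMetadata(MFA_KEY, seen);
    last = seen;
  }

  const challenge = mfaExpired(last, nowMs, MAX_AGE_DAYS);
  if (challenge) {
    // Disable "remember browser" so a remembered device cannot skip the re-challenge.
    api.multifactor.enable("any", { allowRememberBrowser: false });
  }
  return challenge;
}
```

The timestamp is written only from an MFA completion the platform itself reports, so a login that skipped the challenge never refreshes the window.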