Require MFA once per session rule only for enrolled users

Is there a way to configure “Require MFA once per session” rule to be applicable only to the users who have enrolled in MFA instead of all users for whom MFA is enabled?

You can add the following rule to accomplish it.

function requireMfaOncePerSession(user, context, callback) {
let authMethods = ;
if (context.authentication && Array.isArray(context.authentication.methods)) {
authMethods = context.authentication.methods;

const completedMfa = !!authMethods.find((method) => === ‘mfa’);

if (completedMfa) {
return callback(null, user, context);

context.multifactor = {
provider: ‘any’,
allowRememberBrowser: false

callback(null, user, context);