Thanks for the response @dan.woda. I will send feedback shortly on the link you provided.
One solution that I have come up with in the meanwhile makes use of the EventBridge integration.
I catch these 2 events:
- gd_enrollment_complete - provides info on a new MFA enrollment and includes the method enrolled and user_id
- gd_unenroll - when an MFA reset is done, this occurs and the user_id is provided
When these events occur, I use the management API to update a list inside the user’s app_metadata with their MFA methods. It’s a bit of a short-term hack but at least it will allow me to list users and get their MFA methods back in a single API call (and therefore not run into problems with rate-limiting).
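
The flow described in the post above, as an added example that is not the poster's code: it turns each event into the Management API `PATCH /api/v2/users/{id}` request that keeps an `mfa_methods` list in `app_metadata`. The event shape (`detail.data.type`, `detail.data.user_id`, `detail.data.details.method`), the `mfa_methods` key, the helper names and the sample values are assumptions; treating `gd_unenroll` as clearing the whole list is also an assumption.

```javascript
const ENROLL = "gd_enrollment_complete";
const UNENROLL = "gd_unenroll";

// Hypothetical helper: assumed location of the enrolled method in the event.
function methodOf(data) {
  return data.details && data.details.method;
}

// Returns the next mfa_methods list, or null when the event is irrelevant
// or malformed (so the caller makes no API call at all).
function nextMethods(current, event) {
  const data = event && event.detail && event.detail.data;
  if (!data || typeof data.user_id !== "string") return null;
  if (data.type === UNENROLL) return []; // assumption: a reset removes every method
  if (data.type !== ENROLL) return null;
  const method = methodOf(data);
  if (typeof method !== "string" || method === "") return null;
  // Set semantics: a redelivered enrollment event leaves the list unchanged.
  return Array.from(new Set([...(current || []), method])).sort();
}

// Builds the request; the caller fetches the current app_metadata first and
// sends the result. domain and token are placeholders supplied by the caller.
function buildPatch(domain, token, currentAppMetadata, event) {
  const methods = nextMethods((currentAppMetadata || {}).mfa_methods, event);
  if (methods === null) return null;
  const userId = event.detail.data.user_id;
  return {
    method: "PATCH",
    url: `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    headers: { authorization: `Bearer ${token}`, "content-type": "application/json" },
    // app_metadata is merged at the first level only, so the list is sent
    // whole and other top-level keys are left untouched.
    body: JSON.stringify({ app_metadata: { mfa_methods: methods } }),
  };
}

// Constructed sample event (not a captured log).
const SAMPLE_ENROLL = {
  detail: { data: { type: ENROLL, user_id: "auth0|abc123", details: { method: "otp" } } },
};
```

Events can be redelivered or missed, so the stored list is a cache for listing and reporting; the enrollment records themselves remain the source of truth for what a user has enrolled.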