Whitelist internal users from MFA

Hi @shinkhouse

Thank you for reaching out!

Reading through your use-case, I believe the easiest way to accomplish this would be to add an attribute to the users' app_metadata or user_metadata (this one has read/write properties which the user can change on their own, but should not be a problem for testing users) and invoke MFA according to this attribute through the use of a Post-login Action. You can use the event.user.app_metadata object to enforce MFA for users that have a specific attribute.

In order to keep Adaptive MFA active and also call the Action, you can enable the "Customize MFA using Actions" option, from the Security → Multi-factor Auth tab in your tenant, in order to implement custom logic for triggering MFA.

I recommend reading through our Knowledge Article on how to Enforce MFA for Internal Users but not for External Customers, which offers great tips on general MFA enforcement through Actions, which can be adapted to fit your case.

Hope this helped!
Gerald
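
A Post-login Action along the lines described in the reply above, as an added example that is not part of the original post or Auth0's own sample code. The attribute name `mfa_exempt` and the sample events are assumptions constructed for illustration; the flag is read only from `app_metadata`, since `user_metadata` can be changed by the user.

```javascript
// Added example: Auth0 Post-login Action that challenges for MFA unless the
// user carries an exemption flag. `mfa_exempt` is a hypothetical attribute name.
const EXEMPT_FLAG = 'mfa_exempt';

// Decide whether this login must be challenged. Fails closed: only a boolean
// `true` stored in app_metadata exempts a user. user_metadata is ignored
// because users can edit it themselves.
function requiresMfa(event) {
  const appMeta = (event.user && event.user.app_metadata) || {};
  if (appMeta[EXEMPT_FLAG] === true) return false;
  // Avoid a second prompt when MFA was already completed in this session.
  const methods = (event.authentication && event.authentication.methods) || [];
  return !methods.some((m) => m.name === 'mfa');
}

const onExecutePostLogin = async (event, api) => {
  if (requiresMfa(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
};

// Auth0 loads the handler from `exports`; the guard keeps the file loadable elsewhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample events (not real tenant data).
const SAMPLE_EVENTS = {
  exemptTester: { user: { app_metadata: { mfa_exempt: true } } },
  regularUser: { user: { app_metadata: {} } },
  // A string "true" does not count: the flag must be a boolean.
  stringFlag: { user: { app_metadata: { mfa_exempt: 'true' } } },
  // Flag set by the user in user_metadata is not honoured.
  selfExempted: { user: { user_metadata: { mfa_exempt: true } } },
  alreadyChallenged: {
    user: { app_metadata: {} },
    authentication: { methods: [{ name: 'pwd' }, { name: 'mfa' }] },
  },
};
```

The Action's decision only takes effect when "Customize MFA using Actions" is enabled, as the reply notes.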