ADFSMFA as primary method.

[PsySuck]

I re-read the documentation, but the process of registering / managing TOTP, for users, is not entirely clear. Now if adfsmfa is the primary method, then the user can register or manage TOTP by entering only one factor. What is not very safe, how can this be changed?
PrimaryAuhenticationOptions - it is about registration, not about management.
Maybe I don't understand the concept.

[redhook62]

Hi,

You understood well...
This functionality of MS, is not clean.

• Impossible to load an extension in primary and in secondary. 2 modules are therefore required in this case.
• for security reasons, user registration must be disabled. therefore your users must be registered beforehand, administratively and have in their possession the appropriate TOTP key.

So, very clearly, I do not recommend that you switch to primary mode.

Be aware that next year, we plan to put primary modules online in separate extensions but based on the adfsmfa solution, in particular for authentication of devices and by client certificates.

regards