The user should choose between two 2fa authentication methods (otp or webauthn). One is required and this is the problem. I can set alternative to required in the authentication flow but this is require the method for all users, even if someone choose the other one. If I set both to alternative it is only required if configured or the user. Is there any way to require one of both methods?
I have the same problem. We want people to configure either otp OR webauthn.
as far as I can see at the moment, it is not possible to force users to configure their accounts like this.
Any ideas?