Certain businesses are required to follow regulatory guidelines regarding cybersecurity; one such guideline, New York Department of Financial Services Cybersecurity Regulations (23 NYCRR Part 500), requires that any platform hosting non-public data from covered entities (such as employee PII) must be protected by MFA. Most folks can handle this via their SSO configurations, but there are cases where that is not feasible. In those cases, the ability to deploy, at a minimum, a TOTP phone based authenticator token would be greatly appreciated.