The API documentation for Post-Login Actions mentions these two methods related to MFA:

• api.authentication.challengeWithAny
• api.multifactor.enable(provider, options)

This article explains the difference between these two methods when triggering MFA.

• api.authentication.challengeWithAny
• api.multifactor.enable(provider, options)

The difference between these two methods is covered in more detail on Customize MFA Selection for Universal Login documentation.

In addition to the above documentation, here are some additional details regarding these methods:

For the api.multifactor.enable(), the supported providers are the following:

• "any" Use any of the configured challenges.
• "duo" Use the Duo multifactor provider.
• "google-authenticator" Use the Google Authenticator provider.
• "guardian" Use the Guardian provider.
• "none" Use none of the configured challenges to prevent the MFA flow from triggering.

If the goal is to enable MFA challenges("any") or either "duo", "google-authenticator", or "guardian", then call the api.multifactor.enable().

When using the api.authentication.challengeWithAny, it will enable a group of factors in one call; below is what a sample call looks like:

api.authentication.challengeWithAny([{ type: 'sms'}, { type: 'push-notification' }]);