How to Enforce Multiple Possession Factors in Okta Authentication Policies?

I’ve configured a custom OIDC Identity Provider (IdP) as a possession factor and created a new authenticator mapped to this custom IdP. After enabling the relevant Early Access features, I can now successfully create authentication policies for specific applications that enforce the use of my custom authenticator as a possession factor.

However, in certain cases, I would like to enforce both my custom authenticator as a possession factor and at least one other factor, such as TOTP or Push. Unfortunately, it seems that when I enable multiple factors (e.g., my custom authenticator and TOTP), the policy allows users to access the application by using any of the enabled factors, rather than requiring multiple factors.

Is there a way to enforce the use of multiple possession factors simultaneously within authentication policies? If not, are there any workarounds or best practices for achieving this?