I noticed that the Okta Account Management Policy page in Authentication Policies allows for progressive authentication (so it only requires multiple factors if the user is enrolled in them); however, it seems this option doesn’t show up for app sign-in? It is a bit confusing. We want to make MFA opt-in, so those who enroll in it would be required to do their app sign-in with it and would otherwise sign-in via password.
Is this sort of setup possible?