Step up authentication for certain scopes requested

Asking on behalf of a customer.

We have the scenario where an app wants to allow users to do a basic authentication for normal operations and then perform a step up authentication for more risky operations. How would we go about doing this for an authorization code flow in Okta? I’ve had a look at the Access Policies inside Authorization Server inside Okta, but I didn’t find an option for specifying MFA for certain scopes.

I was ideally looking for a way to build the MFA step up in to Authorization Code Flow. This link looks like it uses the normal Factors API call with a session token. Let me know if it’s possible to do anything inside Auth code flow.