There are many situations where a username and password will not be enough. Therefore you'd need to request the user to go through a multifactor authentication flow.

While Salesforce Login Flows allow you to manage MFA at Login time only, CYM-Identity allows you to extend this logic to a per-request level.

CYM-Identity provides a hook where you can choose a custom page where the user would be redirected in order to challenge her.

Right now, we only provide a programmatic way to specify the page.

In each Realm, you'll need to assign a plugin Handler which will respond to the action get:challenge:page.

Our Github Repo includes a full example for MFA, including TOTP, WebAuthn (FingerPrints, FaceId, Windows Hello, ...) & Push Notifications