You can configure each realm to support multifactor authentication by providing a handler which will specify the page where the user should be redirected to complete MFA.
The following section describes how you can create your own Plugin which will be invoked during multifactor authentication
An apex class which implements the standard Salesforce Callable and handles an action get:challenge:page.
The action will be passed the following parameters
request : Map<String, Object> : The request parameters
user : Id : The Salesforce SObject Id for the user for whom the authentication is requested
The expected return is a String which is the URL for the page where the user should be redirected to complete her multifactor authentication. If the returned value is null, the user flow will continue and the user will not be requested to complete MFA
MyOIDCProviderCallable.cls
1global class MyOIDCProviderCallable implements Callable {
2 global Object call(String action, Map<String, Object> args) {
3 if (action == 'get:challenge:page') {
4 return '/challenge';
5 }
6 return null;
7 }
8}