Category:
Authentication, User Permissions
You can write policy requiring that users in one of a list of groups have a second factor registered and enabled. See https://www.agilicus.com/anyx-guide/multi-factor-authentication-cfg/#require-multi-factor for more details.