Option to disable/enable Code mfa per user

[T-Amin]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

If code MFA is enabled via kratos.yaml, there is currently no way to deactivate this method for specific users.

We intend to use code as a fallback method if a user does not set up any other MFA, such as TOTP or WebAuthn. Once a user sets up another, possibly more secure MFA method, they should be able to deactivate the code method.

Additionally, if code MFA is enabled and required_aal is set to highest_available, users can log in with AAL1 as long as there are no other methods active for AAL2.

Describe your ideal solution

Activate/deactivate code method with settings flow.

Workarounds or alternatives

none

Version

v1.1.0

Additional Context

No response