Allow Sphinx to check whether the MFA is needed.
One of the requirements we get asked for is to be able to allow users to 'trust this machine' for X days 'like Microsoft'. If that is set then the MFA is not required to validate the login (just the username/email and password).
This could either be handled completely by Sphinx (nice) although an event which enabled the application to manage this would be fine, sort of
procedureSphinx.BeforeMFA(var IsRequired: boolean);`
The Sphinc system would need to return a machine id of some description.