The following events occur during these steps. Is this behavior normal?
1. The administrator creates a user and grants them permission to enter an email address and phone number.
2. The administrator adds the user created in Step 1 to the MFA exemption group.
3. The created user logs in using their ID and initial password. At this point, MFA should not be required.
4. The logged-in user registers their email address and phone number via their profile.
5. After registration, the administrator removes the user from the group and enables MFA. MFA should now be applied at this point.
6. When the user logs in again, MFA is applied, but only the email and SMS options are displayed; other MFA methods are not shown.
We want them to be displayed.
※Note: Email and SMS are already configured and manually required for users with a specific role. This role is assigned to the created user.
※Removing the above role should display Authentication App and Face Recognition, indicating they are enabled. For some reason, email and phone number are prioritized.
