> What could be something missed we could look at? Perhaps you didn't configure the MFA method or one of the underlying factors as supporting non-browser access in general-authn.xml, but it defaults to supporting it so that would require a deliberate change. You have to break it to stop it from working, more or less. -- Scott