Azure B2C MFA custom policy flow 'try another way'


Is there an example of using a custom policy to allow 'try another way'?

Scenario is TOTP primary with Email as an alternative MFA flow. If the user doesn't have their phone for TOTP, they can use Email MFA (both MFA methods are configured for the user).

We are trying to mimic the Entra login flow such as:

[Screenshot: 'try another way' login]

For example, in TOTP, the 'OTPVerification' Technical Profile seems to actually show a (CombinedSignUpSignIn) unifiedssp Content Definition even though it's supposed to be a selfasserted Content Definition.

With this being the case, I've managed to override the 'Forgot Password' link to the AlternativeMFAExchange (which triggers the Email MFA subjourney).

e.g.

<Item Key="setting.forgotPasswordLinkOverride">AlternativeMFAExchange</Item>

This isn't ideal, as the OTPVerification page now shows 2 fields because it's a CombinedSignUpSignIn page, with the OTP code itself being required in both the 'username' and 'password' fields before submitting. This can be reconfigured with JavaScript using custom HTML pages but...

Is there a better way to mimic the 'try another way' way that Entra does it rather than trying to fudge a custom policy like the above method?
