Most customers did. But due to a wide variety of customer types and various hybrid auth environments, we had to support 2FA directly in-platform as well.

There were also privilege elevation scenarios to consider, e.g. to access highly sensitive data, the current authenticated user must enter a 2nd factor to continue.