Hook in what you already use, or choose a freestanding option.
What kinds of multi-factor authentication are supported?
Both temporary one-time passwords (Google Auth, Authy, 1Password, etc) and hardware tokens (Yubikeys, etc) are supported out-of-the-box. OIDC goes live this fall.