Our application is a healthcare application used by multiple organizations. Each organization has different security policies like MFA using OTP, MFA using authenticator options. We want to understand from the product team on how to customize the OOTB MFA security policy for the following requirements,

1. Enable/Disable MFA based on operators's organization
2. Remember OTP for few days (configurable) before asking OTP again
3. MFA using Authenticator app

If you can point me to the right direction on how to get these achieved, it will be helpful.