Most brightspace users access brightspace through SSO so MFA happens through o365 the way people are used to seeing it. For super admins or people with "local admin" access they have always on local MFA managed through Brightspace so they may have to authenticate twice. This is to ensure that people that can login locally (not with SSO) will still have to go through MFA for compliance and authentication requirements. We recommend the google authenticator mobile app for those that are required to do a local login separately from SSO. To reset that Google authenticator option (if someone deletes the code or gets a new phone and doesn't transfer their MFA code) you can "deactive" MFA for that user in the Brightspace settings and then they will be prompted to set it up again next time they login.
In brightspace, go to "settings," then "users," then search for the person you need to adjust settings for, Select them and scroll down, and then click "disable" next to MFA.
Once that is done Brightspace should show that they can login up to 5 times before MFA is enforced
