...
Currently the Haka MFA service uses Time-based One-Time Password algorithm (TOTP) standard RFC 6238 as an authentication method. In practice, the user can for instance have a TOTP compliant app (such as, Google authenticator) in their smartphone.
In addition an SMS-based authentication is used in user registration process. When a user is directed to the MFA service their identifier released from the IdP is examined. If the user has an existing second factor configured, the MFA can be invoked directly. If there are no existing second factors associated to the identifier, the user is directed to register and configure their second factor. The second factor registration is carried out by sending an SMS to the user's registered cellphone numberThe Haka MFA service counts on the IdPs for identity proofing. The IdPs are assumed to release the user's reliable cellphone number that is used for delivering a registration code as an SMS. New MFA users need to present the registration SMS to the MFA service to associate the MFA token to the proper IdP-authenticated user.
Getting started with Haka MFA
...