Yes, it is possible to selectively enforce two-factor authentication (2FA) for some users and not others using Ory Network. This can be achieved through the use of Ory Actions, specifically the

require_verified_address

action. While the

require_verified_address

action is not directly related to 2FA, it demonstrates the capability of Ory to apply different authentication requirements to specific users. You can create a similar custom action to enforce 2FA for selected users. Here's how you can approach this: 1. Create a custom action that checks if a user belongs to a group that requires 2FA. 2. Apply this action to the login flow. 3. If the user is in the 2FA-required group, enforce the second factor authentication. To implement this, you would need to use the Ory CLI or the Ory Console to configure your custom action. It's important to note that the exact implementation details for selective 2FA enforcement are not explicitly provided in the given knowledge sources. However, the flexibility of Ory's action system suggests that such customization is possible. For more information on configuring actions in Ory, you can refer to: [Actions - Require verified address](https://www.ory.sh/docs/actions/require-verified-address) Remember that implementing such a feature would require careful consideration of your security requirements and thorough testing to ensure it works as intended.