To Start the Authentication process first /StartAuthentication is called.
Once this /StartAuthentication is called, Response is received with SessionID and MechanismID. For Multi Factor Authentication(MFA), two or more mechanismID will we availble in the response.
For example, I have one login verfication using password and email verification in which OTP is sent to my email which must be entered for my Login to be success. So, when /StartAuthentication is called. Two MechanismID will be generated in response
Next, /AdvanceAuthentication is called. In which session ID and both Mechanism ID are included using MultipleOperations. Along with the password of the user
Once /AdvanceAuthentication is called, "StartOOB" sends an email with OTP.
Next, /AdvanceAuthentication is called AGAIN. In which MechanismID of the email verification is included along with OTP.
Authentication is complete, "Login Success" will be shown in the response.