Are there self-hosted versions of something akin to what Okta does? Push notifications with a validation step that the actual user initiated the authn request?
Knowing how dead simple TOTP is technically, it's blown my mind that more companies don't host their own TOTP authn server.
Most places don't host TOTP auth servers because generally you want to bundle up the whole authn/authz package. Since you need your MFA flow to be connected to your primary auth flow, having one provider for one and then self-hosting the other is generally not smooth or easy.
Push notifications are also, in my experience, a massive pain (both in terms of the user flow where you have to pull out your phone, and in terms of running infra that's wired up to send pushes to whatever device types your users have). Notably, now you need a plan for users that picked a weird smartphone (or don't have a smartphone).
The better option is to go for passwordless auth, which you could self-host with something like Authentik or Keycloak, and then it handles the full auth flow.