Multi-Factor Authentication

We are currently using DUO for MFA. We have this working for our internal users when they go the application sites using a DAG and our internal domain. We are struggling though with 2 other areas:

1. We have customers who are not part of our domain who login to our application with random email addresses and domains. We have not got them working.

2. The builder site we are not able to do anything with that.

Has anyone ever used DUO or another solution to implement MFA for non-domain users and on the builder site?