Ever since I changed to the Risk Engine (Post Auth), the Mobile Access app just loops on the initial authentication.... it appears to initially succeed with the username/password, but by the behaviour it looks like that when it hits the RiskPostAuth, it kills the initial username/password....

1. Username/Password
2. RiskPostAuth (history & fingerprint)
3. Possible step up to TOTP

Desktop appears to behave as expected....bypassing TOTP on a pre-used machine and asking for TOTP on a new machine.