Functionality

1. Always enable the MFA Admin application (for lockout- and token management) and assign it to the local http interface (for protection).
2. When signing is used (for tickets etc), upload a specific certificate. Do not use the certificate shipped with the product.
3. Configure SLO from the beginning for federation/oidc flows.
4. Change the redirect for / (defaults to /config). Change from /config to something relevant at the customer.