I am having an issue even trying to prompt push or using the duo codes. I can confirm the code is correct. If there is an alternative to creating an app policy that can require a different OTP factor and restrict it to that, that would be an adequate work-around.