New Universal Login Experience Limitations
The New Universal Login Experience currently has these limitations:
You can create Page Templates to customize the universal login flow UI, but you can't create a completely custom UI. If you want to do that, you need to customize the HTML pages for each prompt (Login/Password Reset/MFA), where by default, you will get pages that behave like the Classic Experience
Kerberos for AD/LDAP connections is not supported. Users will still be able to type their credentials to log in using an AD/LDAP connection, but only if:
the username is in email format.
no other database connections are enabled.
The Signup page only lets users enter username/email/password and does not offer the ability to prompt users to accept terms of service.
To use DUO as an MFA factor, it must be the only factor enabled. It will render the same pages as in the Classic Experience.
Passwordless login is not supported.