I am looking to better understand the programmatic interface for MFA with AzureAD. I have federated my domain as a Service Provider to an external identity stack. When I perform actions where Azure requires MFA, I have to authenticate to Azure via the federation auth portal, confirm with that Identity system's second factor. Then Azure asks for its own MFA confirmation. I want to be able to signal to Azure that a second factor authentication confirmation has already taken place so that my users do not have to double 2FA these sessions. I saw some mention of a setting in Okta that enables this. I am not using Okta but want to understand what functionality they are utilizing to suppress the second 2FA ask by signalling Azure that MFA has been completed in the federation layer.