Delegate SSO and MFA to different components

Hi, I m planing to use OKTA as bridge between SailPoint an SaaS applications (including IaaS such as AWS) only for provisioning and for different reasons I can’t use the MFA Features or SSO from OKTA rather I would like to redirect the SSO to AAD and the MFA to another devices and my question is would this be possible? I have a license of 5k users and we can’t afford the licences for 60K users! The Azure MFA does not respond to all the requirements unfortunately