MFA passthrough from external IDP

we have integrated AzureAD as external IPD (OIDC). AzureAD has already implemented MFA for these users.
At Okta we have a web application which forces the users for MFA.
Is it possible to passthrough the AzureAD user, if they already approved MFA from AzureAD?

Some examples:

  1. AzureAD user already approved MFA via Azure and tries to access the app → no MFA prompt from Okta, because already approved from AzureAD MFA
  2. AzureAD user doesn’t approved MFA yet and tries to access the app → MFA prompt from Okta.

Thanks for your help!

Is the MFA policy set at the Okta org level or at the app level?

MFA policy on app level