SAML ForceAuthn control per authentication cycle?

Has anyone found a way, when using Okta as the IAM plumbing for a software product, being the SP connected to external IDPs, to have the normal IDP config as ForceAuthn = false, but be able to request Okta to override that and set ForceAuthn = true for specific authentication cycles?