Verifying use of MFA from IdP (Azure AD)


I’ve set up my Azure AD (using SAML) as an Identity Provider for Okta which works great.

The problem I’m having is that we need to make sure the users have logged in with their Microsoft MFA and not just passwords (we need the check as the user is handed to Okta, in case they have been set up wrong in Azure, for example).

I know I could set up MFA in Okta, but then for most users (the ones set up correctly) there is no benefit to using Azure AD as an IdP if they’re just going to have to log in again to Okta.

I’ve been trying to use AuthnMethod to do this check, but I cannot see any way to add it to the request (using the GUI on both ends).

Is SAML the correct tool, or would OAuth/OpenID be a better fit?

Can this be done?

Many thanks for any advice.
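Added example, not code from the original post: a check a service provider could run on a received SAML assertion to decide whether the IdP reported MFA, reading the standard AuthnContextClassRef and, as an assumption, the Azure AD authnmethodsreferences attribute. The MFA allow-list values, the attribute name and the two sample assertions are constructed assumptions to confirm against a real assertion from your own tenant.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed allow-list of values this SP treats as proof of MFA. The first two are
# standard SAML AuthnContext classes; the Microsoft URI is the documented Azure AD
# authnmethodsreferences value. Confirm against a real assertion from your tenant.
MFA_VALUES = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
    "http://schemas.microsoft.com/claims/multipleauthn",
}
AMR_ATTR = "http://schemas.microsoft.com/claims/authnmethodsreferences"  # assumption


def authn_methods(assertion_xml: str) -> set:
    # Precondition (not done here): the XML signature was verified first;
    # otherwise every value collected below is attacker-controlled.
    root = ET.fromstring(assertion_xml)
    found = set()
    # Standard SAML location: AuthnStatement/AuthnContext/AuthnContextClassRef.
    for ref in root.iterfind(".//saml:AuthnContext/saml:AuthnContextClassRef", NS):
        found.add((ref.text or "").strip())
    # Azure AD-style attribute listing every method used (assumption, see above).
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == AMR_ATTR:
            for val in attr.iterfind("saml:AttributeValue", NS):
                found.add((val.text or "").strip())
    found.discard("")
    return found


def mfa_satisfied(assertion_xml: str) -> bool:
    # Fail closed: an assertion with no recognised MFA value counts as password-only.
    return bool(authn_methods(assertion_xml) & MFA_VALUES)


# Constructed sample assertions (signature, conditions and subject omitted).
PASSWORD_ONLY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>
 urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"""

WITH_MFA = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>
 urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement><saml:Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
 <saml:AttributeValue>http://schemas.microsoft.com/claims/password</saml:AttributeValue>
 <saml:AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement></saml:Assertion>"""
```

Running mfa_satisfied() on the two samples returns False for the password-only assertion and True for the one carrying the multipleauthn value.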