I am creating this new idea which could be considered as an extension of the existing idea (U1651913 ).
SM is already having MF IDM as an inbuilt service and also can be deployed as standalone version for providing saml2 based integration with ADFS.
Extending the same to support MF AA (saml_aa ) will be an exciting feature in current market problem. This will not only provide MFA , it will also enable IT administrator to solve almost all the access requirement.
In fact, in second phase we can think of providing a UI plugin in SM admin console. which will be a great feature I believe. I strongly feel this will add a beautiful opportunity for providing customer solution.