@ParshuDA, Thank you for reaching out. Ideally, the steps to achieve the above description with Azure Active Directory are:
- Create the sign-in form with only the sign-in button.
- Once the user clicks on the sign-in button, he/she would be taken directly to the AAD's
  https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
  endpoint.
- This authorize endpoint provides the form to enter the username and password, and this form is directly posted by AAD.
- Once you put in the credentials, you hit the sign-in button. If there is MFA enabled, using either a conditional access policy or on that user directly, then the MFA prompt would come up.
- After the MFA is successfully done by the user, AAD issues an access token, which would have the MFA-done claims too, along with the other required/configured claims.
- This token issued by AAD is posted by AAD to the Application/WebApp's redirect URI for the WebApp to consume the token and grant access to the user.
Note: The steps mentioned above are suitable for the OpenID Connect and Authorization-Code Grant Flow of OAuth2.
Also, you can check the following ASP .NET Framework sample for your reference: https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect
If you are using any other language to develop the web app, you can check the following link to get the list of supported languages for MSAL (Microsoft Authentication Library) to get the samples for the respective language: https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
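The web app's side of the flow described in the answer above, as an added example that is not from the answer or the linked Microsoft sample: building the tenant authorize URL with a PKCE challenge and a CSRF `state`, checking the redirect back, and then confirming MFA from the token's claims. It assumes the authorization-code grant with PKCE, and the `amr` claim (which in Azure AD tokens lists the authentication methods used, containing `mfa` once multi-factor authentication completed); the tenant id, client id, redirect URI and claims below are constructed placeholders. Standard library only, no MSAL.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint named in the answer; the tenant id is filled in per app.
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"


def new_pkce_verifier() -> str:
    """Random PKCE code_verifier (43-128 URL-safe chars per RFC 7636)."""
    return secrets.token_urlsafe(64)


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(tenant: str, client_id: str, redirect_uri: str,
                        state: str, code_challenge: str) -> str:
    """URL the sign-in button sends the browser to (step 2 of the answer)."""
    params = {
        "client_id": client_id,
        "response_type": "code",          # authorization-code grant, not implicit
        "redirect_uri": redirect_uri,     # must be registered on the app
        "response_mode": "query",
        "scope": "openid profile offline_access",
        "state": state,                   # bound to the user's session; checked on return
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params)


def extract_code(redirect_url: str, expected_state: str) -> str:
    """Parse AAD's post-back to the redirect URI; refuse mismatched state."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale or forged sign-in response")
    if "error" in q:
        raise ValueError("AAD returned error: " + q["error"][0])
    return q["code"][0]


def mfa_satisfied(claims: dict) -> bool:
    """Claims must come from a token whose signature was already validated."""
    return "mfa" in claims.get("amr", [])
```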