We're wanting to use Azure MFA as a second step authentication method with our 2016 ADFS environment. We have two separate Azure AD/Office 365 tenants, and several other relying party trusts in a single ADFS farm that we wish to use it with. Azure MFA is currently set up and working for Tenant A users with a custom theme that redirects if the user hasn't gone through the "ProofUp" process (based on Microsoft's documentation). It is also set up on the other RPTs to require MFA if the user is a member of a specific on-prem AD group. Tenant B users aren't currently licensed for Azure AD Premium, so we have not been able to do any testing yet.
If we get the licensing worked out for Tenant B to have Azure AD Premium 1, will we be able to configure ADFS and Azure MFA to support both tenants?
How would we customize the onload.js theme to capture the authArea errorMessage and forward to the appropriate Azure tenant based on the user's domain (since the instructions require the use of a domain name for the mfaRegisterUrl)?
Any feedback or recommendations would be very much appreciated.
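One way to structure the per-tenant redirect asked about above, as an added example that is not part of the original post or Microsoft's documented onload.js: the domain hint for `mfaRegisterUrl` is looked up in a fixed allowlist keyed by the user's UPN suffix, so text on the page can never steer the redirect to an arbitrary value. The tenant domains, the assumption that the `errorMessage` text contains the user's UPN, the error-text prefix, the proofup URL format and the 5-second delay are assumptions to check against your own farm.

```javascript
// Constructed allowlist: UPN suffix -> domain hint of the tenant that owns it.
// Suffixes and hints are placeholders, not values from the post.
const TENANT_HINTS = {
  "tenant-a.example": "tenant-a.example",
  "corp.tenant-a.example": "tenant-a.example",
  "tenant-b.example": "tenant-b.example",
};

// Assumed prefix of the error shown to a user who has not completed ProofUp.
const MFA_NOT_AVAILABLE = "The selected authentication method is not available for";
// Assumed registration URL format; the hint is appended as the whr parameter.
const PROOFUP_BASE =
  "https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1&whr=";

// Returns the registration URL for the user's tenant, or null when the text is
// not the MFA error, carries no UPN, or the suffix is not in the allowlist.
function mfaRegisterUrlFor(errorText, hints) {
  if (typeof errorText !== "string") return null;
  const at = errorText.indexOf(MFA_NOT_AVAILABLE);
  if (at < 0) return null;
  const tail = errorText.slice(at + MFA_NOT_AVAILABLE.length);
  // First UPN-looking token after the prefix; capture only the suffix.
  const match = /[^\s'"<>@]+@([A-Za-z0-9.-]+[A-Za-z0-9])/.exec(tail);
  if (!match) return null;
  const suffix = match[1].toLowerCase();
  // Own-property check so inherited keys such as "constructor" never match.
  if (!Object.prototype.hasOwnProperty.call(hints, suffix)) return null;
  return PROOFUP_BASE + encodeURIComponent(hints[suffix]);
}

// Browser-only wiring for onload.js; skipped when no DOM is present.
if (typeof document !== "undefined") {
  const authArea = document.getElementById("authArea");
  const errorMessage = document.getElementById("errorMessage");
  if (authArea && errorMessage) {
    // textContent avoids parsing HTML-encoded quotes around the UPN.
    const url = mfaRegisterUrlFor(errorMessage.textContent, TENANT_HINTS);
    if (url) {
      window.setTimeout(function () { window.location.href = url; }, 5000);
    }
  }
}
```

A user whose suffix is not in the allowlist gets no redirect and sees the stock error, which is the safe default while Tenant B is still unlicensed.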