When using XFA as an extra factor to your identity provider, you don't use the security of a second factor.
Our new MFA feature can be easily enabled on an integrations through the XFA dashboard. Once it is enabled users will be asked to trust their device, a first device needs to be confirmed through an email link, a next device needs to be confirmed by an already enrolled device. Once devices are trusted, the user will not be asked for a second factor anymore, but the device will inherently act as a second factor.