AWS IAM Identity Center
XFA can be integrated as a part of the authentication process into AWS IAM Identity Center (formerly known as AWS SSO) when accesing AWS-accounts or other configured applications, to assure that devices comply with the device security policy set out by your organization.
The user is first redirected through XFA to the external identity provider (in this case Google Worksapce) to verify the identity of the user, after which device security is checked against the configured policy before the authentication is completed. Only devices that comply with the configured policy will be granted access.