Support Multifactor Authentication

[MikeNeilson]

Is your feature request related to a problem? Please describe.
Internal identity provider will need to support at least one form of multi-factor authentication.

Describe the solution you'd like
Most likely scenario for the internal IdP is to have login forward not directly to the desired page but to an MFA verification page first and then continue on.

Describe alternatives you've considered
Don't bother and inform people they should use an external IdP to support MFA. (May or may not work with an LDAP provider)

Additional context