By: Vreixo Luis Gonzalez Caneda user 28 Jun 2021 at 8:07 a.m. CDT

1 Response
The use case that we have is to add an additional custom authentication factor to an Azure AD via Gluu (which is protecting a Moodle application) that will call our SaaS platform with an interception script to verify user identity via the user's voice. This factor should have fallback options to avoid locking the user out, and ideally it should be possible to add it as the main authentication, standalone, without other factors needed.

Regarding identification of the user, we have a random ID that should be associated with the user profile and passed in each authentication call. This will be generated in enrollment, which will be performed on first access to the platform after succeeding in a challenge. The integration between Azure AD and our platform can happen via our REST API, OIDC or SAML, as we are leveraging an IdP internally.

Our problem is that we are looking at integration options for Azure AD and Gluu, but the only connections that we have found completely replace authentication. This way, all fallback mechanisms that we could implement for the vocal authentication will still rely on the platform and Gluu being available, and a possible second factor to log in with Azure, for example, will expose user data to us, which is not ideal, as we just want to store a random identifier for the user and be agnostic of a strong user identifier like the email. Another inconvenience is the need to have an Azure on-premises to be synchronized with Azure AD, which adds more complexity to the architecture of the solution and also an extra point of failure.

In order to support these scenarios, the only option that we have found is "Conditional Access" ( but the list of supported vendors is limited and an internal list that was passed to us does not include Gluu. Is this possible with Gluu? Are there plans to support this feature?

By Michael Schwartz Account Admin 06 Jul 2021 at 9:35 a.m. CDT

Interesting but outside the scope of community support.