2nd Factor for access on non-company devices

I’m searching for a way how I can configure to allow SAML login from corporate devices (Win 10 PC, iPhone) and make access from private devices (Win 7/10 PC, Mac, Android, iPhone) possible via additional 2nd factor. Any idea how to achieve that? Maybe with some header information or by leveraging a certificate, regKey check?

Could you elaborate on the setup? I’m not sure I can follow.

If 2FA is set up, it will be enforced for all devices.

okay, we found a perfect way: we identify the devices on our IdP and define on that level if one or multiple authentication factors are enforced. Finally we then hand over the SAML claim…