Have ADFS SP-initiated sign-on also allow MFA proof-up
Currently, with ADFS 2016 and IdP-initiated login, you can use onload.js to intercept the error message generated when a user is not registered for MFA and provide a proof-up link for them to register. However, if it is an SP-initiated login, this does not work. There is no error message presented to the browser to intercept. ADFS simply continues on and passes an invalid token to the SP, which then fails authentication with no reason or error displayed by ADFS.
The functionality for SP-initiated sign-on should mimic the functionality for IdP-initiated sign-on so this works for both initiators.
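The IdP-initiated onload.js interception the post refers to, written out as an added example (this is not code from the post or from Microsoft's ADFS templates). The decision logic is kept in a pure function so it can be tested outside a browser; the DOM wiring at the bottom is what would run in onload.js. It assumes the ADFS error page exposes the error text in an element with id `errorMessage`, that the not-registered message matches the `MFA_NOT_REGISTERED_PATTERN` regex (adjust to your MFA provider's actual wording), and that `PROOF_UP_URL` is a placeholder for your own registration portal. Because the post says SP-initiated flows never render this error, this approach by design only helps the IdP-initiated case.

```javascript
// Added example, not from the original post. Assumptions: the ADFS error page
// has an element with id "errorMessage"; the "not registered for MFA" text
// matches MFA_NOT_REGISTERED_PATTERN; PROOF_UP_URL is a placeholder.

const PROOF_UP_URL = "https://proofup.example.invalid/register"; // placeholder
const MFA_NOT_REGISTERED_PATTERN =
  /not (registered|enrolled|set up) for (MFA|multi-?factor)/i;

// Minimal HTML escaping so the link we inject cannot break out of the anchor.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Decide whether an ADFS error text is the "user not registered for MFA" case
// and, if so, build the markup for a proof-up link. Returns null for any other
// error so genuine authentication failures keep their original message, and
// null for a non-https proof-up URL so a misconfiguration cannot downgrade the
// link to plain HTTP.
function buildProofUpLink(errorText, proofUpUrl) {
  if (typeof errorText !== "string" || !MFA_NOT_REGISTERED_PATTERN.test(errorText)) {
    return null;
  }
  if (!/^https:\/\//.test(proofUpUrl)) {
    return null;
  }
  return (
    `<p><a id="mfaProofUp" href="${escapeHtml(proofUpUrl)}">` +
    "Register for multi-factor authentication</a></p>"
  );
}

// DOM wiring for onload.js: look up the error element, check its text, and
// append the link after it. Takes the document as a parameter so it can be
// exercised with a fake document in tests. Returns true only when a link was
// injected.
function injectProofUp(doc) {
  const el = doc.getElementById("errorMessage"); // assumed element id
  if (!el) return false;
  const markup = buildProofUpLink(el.textContent, PROOF_UP_URL);
  if (!markup) return false;
  el.insertAdjacentHTML("afterend", markup);
  return true;
}

// In onload.js the page's document exists; under Node it does not, so guard it.
if (typeof document !== "undefined") {
  injectProofUp(document);
}
```

Matching on the error text rather than unconditionally adding the link keeps the proof-up prompt away from unrelated failures (wrong password, locked account), where a registration link would be misleading and would leak nothing useful to a user who should not see it.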