Problem Statement:
When attempting an IdP-Initiated SAML login while having Identifier First + Biometrics as a first factor passwordless login option, the login flow will stall with a classic MFA prompt displayed with a spinning loading circle.
Solution:
This is due to a product issue. Before the fix, a temporary workaround could be to create a rule that disables MFA for either the SAML connection or an application if that fits the customer use case:
function disableMultifactorAuthentication(user, context, callback) {
if(context.connectionID === "[your_connection_id]") {
context.multifactor = {
provider: 'none'
};
}
callback(null, user, context);
}