Hi @Mikhail Baluev • Thank you for reaching out.
To make it work with the same session, I would suggest you use the same custom policy rather than using two different signup/sign-in policies, and update the precondition in the user journey to determine whether to trigger MFA or not in the given scenario.
In this thread, I have provided details on triggering MFA only when it is not already done at the federated Azure AD tenant. You can follow a similar approach and define a precondition to trigger or skip MFA.
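A sketch of the kind of precondition the answer above describes, added here as an illustration and not taken from the answer or the linked thread. The claim name `mfaRequired`, the step order, and the technical profile that would set the claim are assumptions; `isActiveMFASession` and `PhoneFactor-InputOrVerify` are the names used in the Azure AD B2C starter pack.

```xml
<!-- Added example: single user journey, MFA step gated by preconditions. -->
<!-- Assumption: an earlier step issues a boolean claim "mfaRequired"     -->
<!-- (hypothetical name) that is "false" when MFA is not needed for this  -->
<!-- scenario. The Order value is a placeholder for your own journey.     -->
<OrchestrationStep Order="7" Type="ClaimsExchange">
  <Preconditions>
    <!-- Skip when MFA was already completed in this B2C session. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>isActiveMFASession</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <!-- Skip only when the scenario explicitly says MFA is not required. -->
    <!-- Any other value leaves the step in place, so the journey         -->
    <!-- defaults to prompting for MFA.                                   -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>mfaRequired</Value>
      <Value>false</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="PhoneFactor-Verify"
                    TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Writing the second precondition as "skip when explicitly false" rather than "run when explicitly true" keeps the step fail-closed: a journey that never sets the claim still prompts for MFA.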