In that case, if initial authentication is successful, request is routed to
the MFA subroutine for step-up authentication. The gating criteria for MFA is
, where the session variable
was populated in
the AD Authentication subroutine. The example ties the two subroutines together: as soon as the
first subroutine is reevaluated, the second must be reevaluated again.