Last week, a major financial services firm switched from another ZTNA vendor to Bitglass. They routed SAML SSO via Bitglass for a highly sensitive internal app and flipped the switch. Much to their surprise, logging into the app triggered MFA twice. The bankers were annoyed at the inconvenience. What gives?