When using an external IDP, you may still be prompted for MFA options for your M365 account. Here is an article about why this happens and how you can fix it.
Microsoft M365 Entra ID has an option to apply "Security Defaults" which force end users to take extra steps to secure their sign on to M365. When using an external IDP that handles MFA, this is not desirable in most cases.
Here is a link to a Microsoft Learn Article describing what this option means: Microsoft Learn - Security Defaults
You can see in the article where this option is enabled or disabled for the tenant:
If you are using our SurePassID Authentication server for authentication with your M365 system, we recommend disabling that since MFA is applied via our service. We do also recommend you read through the above to understand the implications of disabling the feature before you make any changes. You may find that you can leave it on and require just a minimum of additional info that would be entered one time by the end user, and this should not interfere with normal authentication via the external IDP.