MFA based on client IP / subnet

New question, now that I got past my issues with SAML IdP configuration and checkSsl…

Can someone give me pointers (if it’s possible, even) as to how to configure two-factor / MFA based on client IP address / network?

In other words, can we enable multi-factor for login only if the client is coming from a public IP, versus from within a trusted internal subnet?

If so, links / pointers / steps?

Thanks.

Been digging around and I’m thinking it’s similar to this:

If not, please let me know if I’m on the right path, or if there’s an easier alternative already built in (would think this would be a ‘regularly asked for’ feature.

Were you able to make MFA based on client IP / subnet work ?

I was not, no. (And yes, this is still a want / need, albeit, we’re getting by for now.)