SSO\MFA Enablement (opsgenie)

Hello, how are you? Regarding your question, I would try the following:

You can, yes, meet the MFA requirement from Vista by integrating Opsgenie with the corporate SSO of Gainsight (as long as your IdP already enforces MFA). In terms of Atlassian documentation, the flow is:

Configure SAML SSO in Opsgenie (using the IdP that Gainsight uses – Okta, Azure AD, ADFS, etc.).

Ensure that MFA is enabled on the IdP for the users/groups who access Opsgenie.

Use this configuration as evidence of MFA enabled for Vendor Risk / Vista.

Opsgenie + SSO Integration (Gainsight IdP)
Opsgenie supports SAML 2.0 with virtually any IdP, so the Gainsight SSO can be used as Opsgenie's "official" IdP.

https://support.atlassian.com/opsgenie/docs/configure-saml-based-sso/

Main points from this doc:

In Opsgenie:

Go to: Settings → Login and SSO.

Select SAML as the Identity Provider.

Copy:

Identifier (to be used as Audience/Entity ID in the IdP).

SAML 2.0 Service URL (Opsgenie's Assertion Consumer / SSO Endpoint).

In the IdP (the same SSO used by Gainsight):

Create a new SAML application for Opsgenie.

Configure:

Audience/Entity ID = the Identifier value from Opsgenie.

Assertion Consumer / Recipient / SSO Endpoint = Opsgenie's SAML 2.0 Service URL.

The NameID should be the user's email (format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress), and it must match exactly the user's username in Opsgenie.

Back in Opsgenie:

Paste the IdP's SSO Endpoint (Login URL) in the SAML 2.0 Endpoint field.

If you use Single Logout:

Paste the IdP's SLO Endpoint, and configure Opsgenie's SAML 2.0 Service Logout URL in the IdP.

Export the IdP's X.509 certificate, copy its content, and paste it in the X.509 Certificate field.

Check Enable Single Sign-on and click Apply SSO Changes.

https://support.atlassian.com/opsgenie/docs/configure-saml-based-sso/

I would try this. If any error appears, please bring evidence to facilitate understanding the error.