The SurePass Secure Token Service (STS) is a SAML 1.1 Identity Provider (IdP) designed to support SharePoint 2010 or 2013.
We do have a SharePoint 2010/2013 Identity Provider (IdP). From the user's perspective it works much like SAML2, but the plumbing is different:
1. Configure SharePoint server for SAML 1.1 STS using SurePassIdP.
2. When you log in to SharePoint via a browser (on any platform, not just iOS), SharePoint will do a POST to SurePassIdP.
3. The SurePassIdP will render the login screen to match the user's device: mobile UI or Rich UI.
4. The login screen will require the user to enter login credentials and a 2FA credential. The user can use any 2FA that SP supports to log in. The single factor will be AD (or the SurePassId directory if you want to keep AD out of it; one of our Canadian clients is set up this way).
5. Once authenticated, SurePassIdP signs the request and POSTs back to SharePoint, and the home page is displayed.
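
One way to carry out step 1 on the SharePoint side, using SharePoint's own claims cmdlets (an added example, not SurePass's documented procedure). The certificate path, realm, sign-in URL, web application URL and the choice of e-mail address as the identifier claim are placeholder assumptions; take the real values from your SurePassIdP deployment.

```powershell
# Added example: register an external SAML 1.1 token issuer in SharePoint 2010/2013.
# Every value marked PLACEHOLDER is an assumption, not a SurePass-documented value.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = 'C:\certs\idp-token-signing.cer'   # PLACEHOLDER: IdP token-signing certificate (public key only)
$realm     = 'urn:sharepoint:portal'            # PLACEHOLDER: realm the IdP knows this farm by
$signInUrl = 'https://idp.example.com/signin'   # PLACEHOLDER: IdP login endpoint
$webAppUrl = 'https://portal.example.com'       # PLACEHOLDER: SharePoint web application

# Credentials and the signed token travel through the browser, so refuse plain HTTP.
if (-not $signInUrl.StartsWith('https://')) { throw 'Sign-in URL must use HTTPS.' }

# Load the certificate SharePoint will use to verify the IdP's signature,
# and refuse to trust one that has already expired.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Token-signing certificate expired on $($cert.NotAfter)."
}

# Make the farm trust the signing certificate.
New-SPTrustedRootAuthority -Name 'IdP token signing' -Certificate $cert | Out-Null

# Map the incoming claim that identifies the user (assumed here: e-mail address).
$emailClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$map = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming

# Register the IdP as a trusted identity token issuer.
$issuer = New-SPTrustedIdentityTokenIssuer -Name 'SurePassIdP' `
    -Description 'External SAML 1.1 IdP with 2FA' `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $map -SignInUrl $signInUrl `
    -IdentifierClaim $map.InputClaimType

# Attach the issuer to the web application's Default zone.
# Note: this sets the zone's provider list; include any other providers
# (for example Windows authentication) in the same call if they must remain.
$provider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $webAppUrl -Zone Default -AuthenticationProvider $provider
```

Run it from the SharePoint Management Shell as a farm administrator, and re-import the certificate with the same trust steps before the IdP rotates its signing key.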