diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19ffd3bbc44c7e274b934520e873f265bb6fff7b..6dfe9bd3cf39092d036e1d79549e6a1b73ca0a8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
  All notable changes to this project will be documented in this file.
  
  ## [Unreleased]
+ [Added]
+ - Added support for MFA
  
  ## [v1.2.2]
  [Removed]
diff --git a/themes/elixir/perun/disco-tpl.php b/themes/elixir/perun/disco-tpl.php
index d1618700fc7d3dae149b3a3a916883294241970d..a99edb00da2c429967a83c8981b6b490f774f57a 100644
--- a/themes/elixir/perun/disco-tpl.php
+++ b/themes/elixir/perun/disco-tpl.php
@@ -23,11 +23,15 @@ const WARNING_USER_CAN_CONTINUE = 'userCanContinue';
 const WARNING_TITLE = 'title';
 const WARNING_TEXT = 'text';
 
+const MFA_IDENTIFIER = "https://refeds.org/profile/mfa";
+const MFA_IDP = "https://stepup.elixir-finland.org/idp/shibboleth";
+
 $warningIsOn = false;
 $warningUserCanContinue = null;
 $warningTitle = null;
 $warningText = null;
 $config = null;
+$authContextClassRef = null;
 
 try {
 	$config = SimpleSAML_Configuration::getConfig(WARNING_CONFIG_FILE_NAME);
@@ -68,8 +72,22 @@ if ($warningIsOn && !$warningUserCanContinue) {
 	$this->data['header'] = $this->t('{elixir:elixir:warning}');
 }
 
+if (isset($this->data['AuthnContextClassRef'])) {
+	$authContextClassRef = $this->data['AuthnContextClassRef'];
+}
+
 $this->includeAtTemplateBase('includes/header.php');
 
+if ($authContextClassRef != null) {
+	foreach ($authContextClassRef as $value) {
+		if (substr($value, 0, strlen(MFA_IDENTIFIER)) === MFA_IDENTIFIER) {
+			SimpleSAML\Logger::info("Redirecting to " . MFA_IDP);
+			$url = $this->getContinueUrl(MFA_IDP);
+			SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
+			exit;
+		}
+	}
+}
 
 if ($warningIsOn) {
 	if($warningUserCanContinue) {