Hi David,
I guess you can set the login module flags in the IDP. On the SP side, I remember you can specify which login modules from the IDP are mandatory in the Trusted Provider tab. Sorry, I don't have access to the ex-customer's system and cannot help you further.
Cheers,
Chenyang Xiong