Question

2FA & Participant Users

asked on January 9, 2020

Hi All,

 

I've had a look through the help files, release notes and list of changes but am still not sure so thought it best to post here.

 

For two-factor authentication, can full users tied to Windows AD accounts authenticate normally or using SAML authentication, and participant users use the new built-in LFDS two-factor authentication, or is the new 2FA for Laserfiche users only and will not work for participant users?

 

Cheers!

0 0

Answers

APPROVED ANSWER
replied on January 14, 2020

Thanks Brianna,

 

So the short takeaway from this is that if the participant user is set up as a Laserfiche user, they can use the built-in 2FA provided by LFDS.

 

Cheers!

1 0
SELECTED ANSWER
replied on January 13, 2020

The new 2FA is only for the Laserfiche User type that can be created within LFDS, not users from external directories such as Active Directory --- so you are correct that the LFDS 2FA feature is not available for AD, SAML, or LDAP users. The 2FA option is not dependent on the user license type.

For those user types, we recommend using the MFA or 2FA options that SAML, AD FS, or LDAP support. Many SAML providers include their own 2FA options, while others integrate with a number of 2FA/MFA providers.

Essentially, we recommend that you use the identity provider options for MFA --- and for Laserfiche users in LFDS, the identity provider is LFDS itself, rather than a 3rd party like AD. 

 

If you were asking about the new SAML authentication option for AD users: administrators can configure a SAML provider to provide authentication for AD users that are in a different identity provider registered to LFDS. The users in the AD identity provider(s) will log in through SAML, then be mapped to their Windows user. 

If you want to use this SAML auth for Windows users feature, your SAML tokens must pass through the AD SID (for AD users) or the DN (distinguished name, for AD as LDAP), as well as including the user's groups in their SAML token.

0 0
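
A setup-time check for the requirement in the answer above (the SAML token must carry the AD SID or the DN, plus the user's groups), added here as an example that is not part of the original thread and is not Laserfiche code. The attribute names are assumptions: two AD FS claim type URIs and a hypothetical `distinguishedName` attribute; the sample assertion is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names: the first two are AD FS claim type URIs, the third
# is a hypothetical name for the LDAP DN. Match them to what your IdP emits.
SID_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"
GROUP_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
DN_ATTR = "distinguishedName"
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

def saml_attr(name, *values):
    """Build one <saml:Attribute> element for a constructed sample."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'

def sample_assertion(*attrs):
    """Wrap attributes in a minimal, unsigned assertion (constructed test data)."""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml:AttributeStatement>" + "".join(attrs)
            + "</saml:AttributeStatement></saml:Assertion>")

def check_assertion(xml_text):
    """Return a list of problems; empty means identity and groups are present.

    This only inspects attributes. It does not verify the signature, so run it
    on assertions captured from your own IdP during setup, not as a trust check.
    """
    attrs = {}
    for a in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(a.get("Name"), []).extend(v for v in vals if v)
    sids, dns = attrs.get(SID_ATTR, []), attrs.get(DN_ATTR, [])
    problems = []
    if not sids and not dns:
        problems.append("no SID or DN attribute")
    if len(sids) > 1 or len(dns) > 1:
        problems.append("more than one identity value")
    problems += [f"malformed SID: {s}" for s in sids if not SID_RE.match(s)]
    if not attrs.get(GROUP_ATTR):
        problems.append("no group attribute")
    return problems

if __name__ == "__main__":
    sid = "S-1-5-21-1111111111-2222222222-3333333333-1104"  # constructed
    ok = sample_assertion(saml_attr(SID_ATTR, sid), saml_attr(GROUP_ATTR, sid[:-4] + "513"))
    print(check_assertion(ok))
    print(check_assertion(sample_assertion(saml_attr(SID_ATTR, sid))))
```
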