For a customer who is using the NetScaler as a IDP/SP service with the NetScaler Gateway and some service provider requirements we had a nice policy limitations which caught us by surprise:
https://support.citrix.com/s/article/CTX227301-error-32-authentication-policies-are-already-bound-while-binding-authentication-policy?language=en_US#:~:text=When%20multiple%20policies%20(two%2Dfactor,binding%20for%20one%20virtual%20server.
The mentioned RFE is still in the works or forgotten but to solve this little puzzle you’ll need to go to the 31st policy binding or earlier and create a policy label with all the other authentication policies that you would want to go beyond 32 and replace the latter in the original set with a NO_AUTHN policy and the newly label as next factor.
Afterwards when using SP/IDP actions you’ll might get an unsupported message and this is related to the nFactor part which is being referred here: https://docs.netscaler.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/saml-authentication/azure-saml-idp.html
Hope it helps!