I believe I have a feeling of what you want to accomplish but am not sure about the execution. If we would like to have multiple authentication methods, the only way I can think of is by Site-Specific SAML. This would limit you between local authentication and any number of SAML providers though.
If we would like to stick to Active Directory, and want to maintain external access, your assumption is correct in regards to Trusted Authentication. I would recommend reviewing the materials provided below to help narrow down your decision:
Hope this helps!