MFA Configurations for VPN Services

kron pam mfa can be used as a 3rd party mfa server for all applications, devices, vpns, etc that support radius authentication two options are available for mfa server support both the first authentication (with username and password) and the secondary authentication (with otp) are provided via kron pam to activate this feature define the vpn device according to the tacacs access manager configuration enable mfa on the user group (navigate to administration > mfa > user group management ) only a second authentication with otp is provided via kron pam to activate this feature define the vpn device and the device group realm with the related users in kron pam (see docid\ ro39m6qkfcgeq1wxjsuyl and docid\ yzrjzaawfd8xmtlw4xhs0 sections ) define the element type property in the vpn device element type section navigate to device > element type click the options button of the desired element type and select show properties set the radius auth only token enabled property value as true