MFA Configurations for VPN Services

kron pam mfa can be used as a 3rd party mfa server for all applications, devices, vpns, etc that support radius authentication two options are available for mfa server support both the first authentication (with username and password) and the secondary authentication (with otp) are provided via kron pam to activate this feature define the vpn device according to the tacacs access manager configuration enable mfa on the user group (navigate to administration > mfa > user group management ) only a second authentication with otp is provided via kron pam to activate this feature define the vpn device and the device group realm with the related users in kron pam (see docid\ sdxwyf2 2cvfwknm2ehaq and docid\ qql9mt nkd8moqeis7bvj sections ) define the element type property in the vpn device element type section navigate to device > element type select the element type, then proceed by clicking the actions button (green arrow) click edit element type select authentication device as an association tag and proceed with the next button expand the radius – tacacs menu on screen switch the "radius auth only token enabled” parameter as on