MFA Configurations for VPN Services

single connect mfa can be used as a 3rd party mfa server for all applications, devices, vpns, etc that support radius authentication two options are available for mfa server support both the first authentication (with username and password) and the secondary authentication (with otp) are provided via single connect to activate this feature • define the vpn device according to the tacacs access manager configuration • enable mfa on the user group (navigate to administration > 2fa provisioning > user group management ) only second authentication with otp is provided via single connect to activate this feature • define the vpn device and the device group realm with the related users in single connect (see docid\ txyesae4bs7g4djf1nuxc and docid\ xto7vatyhkuaq6wqxgu 7 sections ) • define the element type property in the vpn device element type section navigate to device management > element type click the options button of the desired element type and select show properties set the radius auth only token enabled property value as true