
IKE VPN, AzureAD MFA, RADIUS, and Sophos Connect

Hi

I've configured AzureAD authentication, with MFA, through a RADIUS server and the Windows Server NPS role (mostly thanks to this article: Sophos XG: Using Azure MFA for SSL VPN and User portal - Recommended Reads - Sophos Firewall - Sophos Community).

Users can log in to the UserPortal and are prompted for MFA correctly (side note here... I was not able to get login working if you're sent a code via text. The only way I could get it working was to configure MFA to pop up a prompt in the Microsoft Authenticator app).

I've now configured my IPSEC VPN (configured to autoconnect, which was the whole reason for not going SSL VPN), downloaded and installed Sophos Connect, and downloaded and imported the IPSEC VPN configuration.

When I try to connect, I'm prompted for a username, password, and a "New token or one-time password".

Where does this value come from? Our MFA is configured in such a way that our authenticator app pops up asking whether the login should continue. Even if I enter the code generated by my app for this specific Azure AD account, it's not accepted.
