Sophos UTM 9 SSL VPN - Two-Step Authentication/Certificates

Question

Hi all, 
 We have a Sophos UTM 9 in our cupboard and I've recently configured it for SSL VPN, where users have to log-in to the user-portal with their Active Directory username and password.

However, management within the company would like to see if we could get two-step authentication enabled for this (where users then have to put in a different password). 
 We had a similar set-up before with IPCop and OpenVPN where we had to set-up the client to net certificates with a separate VPN password. Is this possible in the Sophos? The only downside I had with that was it was a bit of hassle to actually make the certificates and regenerate them for each user. Does Sophos offer a better solution? 
 Any help with this would be appreciated.

sachingurung · Accepted Answer

Hi Rob, 
 Are you trying to say that a User should use a different password for VPN services other than AD? In that case, check out the option for OTP tokens in definitions & users > authentication services > OTP. 
 Hope that helps.