So this looks like a very bizarre issue but I have my 2FA (using RADIUS) configured in Sophos.
All testing in RADIUS portion configuration looks normal.
and even in the RADIUS side (both on the Windows NPS agent and the 2FA components) everything successfully authenticates.
BUT Sophos itself when attempts to use the RADIUS authentication system, it returns an error with no real reason why its failing. (especially since according to all the RADIUS pieces it was a successful submission)
2016:08:31-12:10:46 reno-firewall aua[23749]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="173.164.229.17" host="" user="docm" caller="portal" reason="DENIED"
This thread was automatically locked due to age.