Hello,
Using ISE to authenticate VPN Clients on Anyconnect is supported using external identity sources such as RSA Token Server.
However, what happens if I want 2 factor authentication:
1. User Connects to Anyconnect
2. User provides AD Credentials
3. User is then prompted to provide RSA code
4. Access is granted
I've seen this in production many times before but not sure if a separate product is required.
Is this achievable solely using ISE? As I cannot find where you can do this ISE, I thought it may have been identity source sequences, but this just specifies alternatives sources in case of auth failure.
How is this achieved? Does ISE "chain" or "cache" the credentials from AD, then goes to RSA to check 2nd stage?
