Thanks Sam. I'll explain my case better.
- We didn't define a default authentication method for users and for hosts/services
- For all defined users we enabled only the OTP method (we want all users to use 2-factor)
- All users have to use OTP to log in to each enrolled host
- Our VPN system uses LDAP (FreeIPA server) to authenticate the users (users defined with OTP), then the users need to use password+OTP to start the VPN client --> the LDAP client (VPN server) is not enrolled, it is not possible (Forcepoint)
My target is:
- force the users to use OTP to start the VPN and not to use OTP (only password) to log in to all other hosts in the virtual private network.
Some ideas?
Thanks