Hello,
We're attempting to add an additional layer of security to certain resources that are authenticated/authorized through our SAML2 IDP (NetIQ Access Manager). One of the auth method available is RADIUS, so we're wondering if ClearPass can help us with the functionality we want without building/buying another RADIUS server.
The functionality we want to add is the ability to use SMS and/or email (preferably user-chosen at login time) to send an OTP token as a second layer of authentication (after user/pass). Assuming we provide the SMS and email gateways, is this something CP can handle and has anyone ever done such a thing? Any reason I could be missing why we wouldn't want to do this using CP?