My understanding is that 802.1X for WLAN and MFA don't really get along due to the network often needing to re-authenticate. If someone has a working methodology I'd love to see it too :)The typical enterprise authentication benchmark for WLAN 802.1X is EAP-TLS using mutual certificate authentication. From there you can use posture to validate devices are in good standing.
If you'd like to do MFA the best approach would probably to do EAP-TLS or other secure authentication and then redirect the user to a Web Authentication to perform a second auth using a token or other MFA.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.