This is definitely a bit of a tricky one and I think different environments are going to have different configurations, but I can explain what got it working right in my environment.
Use Case:
I wanted to have employees accessing the company VPN with 2-factor authentication. Since we are