Our company use F5 BIG-IP APM (Access Policy Manager) VPN Gateway to authenticate remote access user. It is now an requirement to implement OTP (One Time Password) as an authentication method for the VPN client. We already have an Microsoft Active Directory in place and also installed the Safenet Authentication Manager Service to use OTP Hardware token. According to the F5 BIG-IP VPN Technical document, it can use OTP authentication by pointing to a RADIUS Server instead of to the MS Active Directory.
My question shall we install the Network Policy Service (provided by Microsoft) as a RADIUS service or use the Safenet OTP Plug-in ?
Also, what is the high level step-by-step procedure for setting up such implementation ?
Appreciate you kind advice in advance.