The user generates a one-time passcode from their WiKID software token. They enter it into the SSH password field. The credentials are passed from the SSH gateway to NPS via radius. NPS validates that the user is active in AD and in the proper group. If so, it sends the username and one-time password to the WiKID Strong Authentication Server still using Radius. If the OTP is valid, the WiKID server responds to the NPS, which in turn responds to the SSH gateway server and the user is granted access.http://www.networkworld.com/article/2208967/mobile-security/two-factor-authentication-through-windows-server-2008-nps.html
1. User logs into RD Web Access and double clicks a RemoteApp (or desktop connection)http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/
2. The user’ login credentials for the website are used to validate the user (Web SSO), so no need to give them again.
3. The user then gets an SMS text message on their smart device that provides them a 6 digit numeric code (the one-time password).
4. The user replies to the text message by inputting this 6 digit code and adding their unique pre-defined PIN to the end of the sequence – Azure MFA includes the option to require the user know a predefined unique PIN as well, so that replies to a text message have to come from the user.
5. The user is authenticated, and the RemoteApp (or desktop connection) opens.
Google Authenticator token verification iRulehttps://devcentral.f5.com/articles/two-factor-authentication-with-google-authenticator-and-apm
Google Authenticator token generation iRule