Like any standard RADIUS implementation,Password manager sends both the username and password for verification. How RADIUS is configured results in the second part of that verification. Hence the 2FA – or two factor authentication:
Factor 1: The username and corresponding password
Factor 2: Either a PIN, token, phone call, SMS text, or App prompt
Factor 1 is us sending username & password to RADIUS.
Factor 2 is RADIUS doing the second part in however it’s configured – be it OTP, PIN, etc.
In terms of Azure MFA support, it is offered only through the RADIUS server. We do not support direct Azure MFA functionality at this time. We are looking to include this in a future release of Password Manager, but in the interim we have no supported “out of the box” option. Since our RADIUS 2FA option requires both username and password, this means it cannot be used in the workflow for “Forgot my password”