I am currently running a dedicated Virtual Gateway to act as the Primary PDP that supplies identity data to all the Gateways in our environment. This PDP authenticates against our Corporate Active Directory to populate users into various Access Roles. At the moment, all my Management (SMS, SmartEvent, PDP) is running R80.20. Throughout our environment, I have a mix of R80.20, R80.10 and R77.30 VSX Gateways. 

I would like to begin testing the new RADIUS Two Factor Browser-based Authentication feature that was added in R80.20. If I created another virtual Gateway with IA enabled, configured for 2FA RADIUS Authentication, would the users authenticated via 2FA work with Gateways running on older versions connected with Identity Sharing?

We still use the legacy Client Authentication access model to require users to authenticate with RSA tokens before gaining access to certain environments. I really want to get rid of this and replace it with 2FA via IA but was hoping to not have to wait until all our Gateways get upgraded.

Thanks in advance for everyone's input!

Dan