Hi colleags, please help me find a solution.
At the moment, we have many VPN users who connect through the VPN client using their credentials.
We want to gradually change the schema to certificate+username/password.
Unfortunately, I have not found a solution to how to do it gradually.
For example, for one group of users in AD (as example "VPN_Credentials"), the username/password method works, and for another (as example "VPN_Certificate"), certificate+username/password.
Thus, we could painlessly transfer users to a more secure authentication scheme.
In this case, it is necessary that a specific authentication method be available to users only from for a specific group.
Those. for users in a group "VPN_Credentials" - only username/password method.
For users in a group"VPN_Certificate" - only certificate+username/password method.