Currently we have the Checkpoint Mobile for windows deployed, utilizing username+password with LDAP for login.
I'm wanting to implement 2FA, but with a staggered approach (start out with a small set of users).
I know that multiple authentication options are possible as per sk111583, however i'm a bit confused on the implementation.
Based on AD memberships I want one set of users to be on LDAP, and another set to be utilizing RADIUS (which will accept ldap credential, then go off to our 2FA server and do a push notification/PIN to cell, likely using DUO). I'm not sure if I can force the users into certain authentication types based off of LDAP roles, or if the options are presented on the client.
Any information on implementing this will be helpful