I would like to ask your advice on a current scenario that should be solved by the SA.
The customer is using hardware tokens (Aladdin) to authenticate users on the internal network (AD integration - no AD password is used, as the certificate authenticates users).
Now they want to give users access to internal resources from home (with company devices that have the driver installed to access certificate information on the USB token).
Please let me know how you would create the user access as the customer demands: authenticate users first with username and certificate from the USB token and, if this is successful, a one-time password would be sent to the user's mobile phone to input in an OTP field to give Network Connect access.
I was thinking about a Certificate server for authentication, but would it be enough to use a current RADIUS server authentication that would restrict user access with certificate only? Please keep in mind that users do not have an AD password, which makes it a bit complicated; only OTP can be used.
Any other ideas are welcome, as is any further information on how to achieve this goal.