Posting this as I could not find a KB article that documents this problem, or anything already in the forums.
PSC - 8.3R1
Client - 5.3
First factor - Active Directory credentials
Second factor - Only allow users with a client-side certificate signed by Trusted Client CAs to sign in.
Works using a browser
Does not work with VPN client
Certificate must be signed using SHA-2
Was hoping all you would need is a trusted certificate, but this is not the case.
Hopefully no one else will waste time logging a support case about this as I did.