is it possible to have ssl vpn (remote access) with multi factor authentication in two steps?
this means a further step in authentication process asking for otp?
background: we would like to save user password in vpn client and only ask for otp each login. this would help to increase convenience for user and acceptance for mfa.
or is such a feature planned?
Hello Sophos22,
Thank you for reaching out to the community, Yes MFA is supported for SSL VPN remote access & IPsec remote access:
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/OneTimePassword/index.html
Sophos Connect Client does save the username and password but OPT can not be saved along with it as it changes in real time. 
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
That would be feature request as of now.
To submit your idea, reach out to your Sophos Partner, Sales Representative, or Sales Engineer, so they can enter the information directly into the Feature Request system.
Additionally, you can use the in-product feedback in the Sophos Firewall located in the Top Menu bar.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
