We are using Google authentication via splash page for our staff in our HQ.
This was all working (relatively) fine until we forced 2FA out for all our users for security reasons.
Now this is still fine for them to authenticate on laptops/MacBooks, but when they want to authenticate on an iPhone that is also their 2FA device, it will ask them to go to the Google Mail app or text app to allow the login attempt. Once they go to another app, it stops the authentication process on the phone and you have to start from scratch, sending you in loops, unless you try to connect without authenticating and then do the process in Safari on the iPhone, which will not stop the authentication process when going to another app to allow the login.
But obviously that is not something we can ask our staff to do.
I blame Apple for this.
Anyhow, I found a workaround that applies a policy based:
The 'mobile device' policy then bypasses the splash page and assigns the device to our guest VLAN, so they have less access to the network since they don't have to authenticate.
Does anybody have another 2FA workaround or are there any flaws to this workaround?
Short update: assigning a policy pre-splash page like I did here doesn't work either. It worked a couple of times, where the splash page just said successful and you would click done and you'd be connected. Those times must've been flukes, because now on my iPhone it still shows the splash page and asks me to log in.