I have been testing AnyConnect configured with RADIUS authentication. I need to be able to do MFA using Azure. I have this working using the NPS Extension for Azure MFA on a Windows NPS server, but only for push notifications using the Microsoft Authenticator app. In Azure, the Authenticator app has to be set as the default for the user for it to work.

Is there a way to use the AnyConnect app for MFA methods that are not push? For example, is there some way to type in an SMS or authenticator code? There doesn't seem to be any field to enter it. If you enter a username/password, it just kicks you back to the username/password screen and then you receive an SMS code, but there is nowhere to enter it in the AnyConnect client.

SAML using Azure lets you select the MFA method because it redirects you to the normal Microsoft login page. However, SAML doesn't (at least not that I can see) offer a way to have separate VPN groups with different permissions in the way that RADIUS does with the filter-id and group policies. Has anyone found a way to make this work?