Partner is using Active Directory authentication, and would like to set up two factor authentication with it. He would like to require two-factor authentication for an entire group that he's created for the AD matching/authentication, which would then allow anyone in that group who has 2fa set up to log in, but prevent anyone that does not have 2fa on their AD profile from logging in.
The problem he is trying to solve for is if one of his technicians is setting a user up in AD and forgets to add in the 2fa creds onto the profile.
The partner suggested that this may be able to be done by having the SC server check the group details and look for a flag in a specified field (similarly to how it checks a field on the specific user account for the 2fa info).
Customer support service by UserEcho