In our system, we have RADIUS clients that undergo 2FA using RSA AM (All RADIUS clients need 2FA). We have to move user credentials to ActiveDirectory and use it as the identity source. In such case, can the NPS be used as the RADIUS server ? I mean can RSA AM be used to only do token verification while RADIUS server is in the NPS?
Or should the RADIUS server be in the RSA AM and use NPS as RADIUS proxy?