very broadly, you can use FAC and FTK combination to force 2FA auth for these things as well:
- Windows login (including RDP, or limited to RDP only)
- OWA login
-> requires a domain structure and Windows/OWA agent to run on the host/Exchange server
- SAML authentication
-> any application you configure with SAML authentication, you could point to FAC as IdP
-> FAC would require username/password and token from the user as appropriate
- in most places where you can introduce some kind of authentication (RADIUS/SAML especially), you should be able to point back to FAC as authentication server
There is also the FSSO side; FAC can gather login information from multiple sources (windows event logs, radius accounting, syslog) and share that with FGT, which can then match users to policies for granular control.
Hope that helps!
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++