We are just test driving Okta. We use ASA as our VPN solution and is integrated with ISE (as RADIUS server). We want to know if it is possible to do 2-factor authentication for VPN with ISE. To summarize it will be as follows: ASA--ISE--Okta ASA will send RADIUS request to ISE. ISE will be configured with Okta as an Identity Source. Upon authentication the user will be asked for secondary question. Please let us know if this is a supported scenario.