Today I received another request to provide remote off-site access to NPM via use of MFA.
I don't see a great solution for it, outside of requiring users to leverage our Citrix Secure Gateway solution and then access NPM's home page, or using RDP through CSG to get to a user's computer at work (from home), and then logging into NPM.
That's not what they want. I'm telling them it's what they can have. I think that if a switch or router or server or service is down, the next thing they'll want is to access that item remotely, which isn't happening via MFA through NPM anyway. I think they may as well be remoting into CSG or their work PC so they can do the extra steps.
I can't convince them.
What options do you present users when they make something approaching a logical justification for wanting to access NPM from the Internet via MFA?
Or is there something supporting MFA already present in NPM?