Hi Mital ,
Ans to first question-->
No, you don't necessarily need single sign-on (SSO) to set up Multi-Factor Authentication (MFA) for Azure VPN using RADIUS authentication. SSO and MFA serve different purposes, although they can complement each other in enhancing security.
MFA adds an extra layer of security to the authentication process by requiring users to provide additional verification beyond just a username and password. This additional verification could be in the form of a code sent to a mobile device, a biometric scan, or another factor.
Single sign-on, on the other hand, allows users to authenticate once and gain access to multiple resources without being prompted to log in again. While SSO can simplify the user experience and reduce the number of login prompts, it's not a requirement for implementing MFA with Azure VPN using RADIUS authentication.
Ans to second question-->
Here are the steps:
- Open the Azure VPN - Properties page and configure sign-in settings.
- Set “Enabled for users to sign-in?” to “Yes”.
- Set “User assignment required?” to “Yes” if you want to limit sign-in to only users that have permissions to the Azure VPN.
- Save your changes.
Please check this MS doc for details and snap shots -->https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-mfa
This will help increase the security of your VPN login.
I hope this helps! Let me know if you have any other questions.
Kindly accept if it helps
Thanks
Deepanshu