A PAM customer has user accounts in Active Directory that are imported into PAM in groups that have either the LDAP or the LDAP+RSA authentication method assigned.
The PAM admin would like users to be able to choose which method they use when logging in to PAM, as they can in other systems that support LDAP+RSA. However, PAM does not seem to allow this flexibility, which can be confusing to users who have both methods available, as they may not know which method will work with PAM.
Release: 4.1.x
Component: PRIVILEGED ACCESS MANAGEMENT
PAM maps one authentication type to one group. We currently don't support mixed-mode authentication types within a single LDAP group (i.e., LDAP and LDAP+RSA). We support it only in pre-defined separate groups in PAM.
This configuration can be accomplished via SAML integration, in which the dual authentication is done outside of PAM.