When troubleshooting user authentications, you may notice this message in the VIP Manager Transaction Reports: "Second factor successfully validated.  Awaiting first factor validation."

This message means that the VIP Radius configuration is set to verify second factor before the first factor in the Radius configuration, or that they are happening at the same time, and that the Radius has not yet reported the first factor success.

Reference the "Authentication Sequence" in the table on page 63 here:  https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/identity-security-authentication/vip/generated-pdfs/VIPEG911InstallAndConfig.pdf

The Radius first reaches out to the VIP cloud to see if the user has PUSH, SMS/VOICE credentials to get that process started (shown as process "beginAuthentication"). In this flow, you may see a mobilePush sent and approved shortly after. The second factor is now done and awaiting the Radius poll response to verify.

In the next process "continueAuthentication" operation will report the full authentication result after the local Radius verifies the first factor credentials.

For further troubleshooting, check the local VIP Radius Validation logs and search for the RequestID of the Transaction Report results to find the specific authentication attempt.