VIP integration for the Microsoft GINA is installed and configured.  The login to the GINA is in the Domain\User or [email protected] format and the 2nd factor login fails.

Reason = 23, user does not exist.

GINA integration with VIP does not honor the enterprise login ID mapping set in the VIP Manager.  So when a user is entered in the domain\user format, the domain is not removed to validate the user against the user in the cloud.  

This is being looked at by Symantec development.  

One possible workaround is to remap the users in the cloud to the user principal name (UPN) so that the users in the cloud are in the [email protected] format.  Then login with the full [email protected] format.