It seems they can do it: https://www.miniorange.com/iam/solutions/tacacs-authentication From: NANOG <nanog-bounces+avargasn=gmail.com@nanog.org> on behalf of Tim Burke <tim@mid.net> Date: Friday, 22 September 2023 17:32 To: North American Network Operators Group <nanog@nanog.org>, Kevin Burke <kburke@burlingtontelecom.com> Subject: Re: TACACS+ server recommendations? Curious about this as well. We are using Okta's RADIUS service for 2fa to network gear currently, but looking to switch to tacacs+ for many reasons. Would prefer to implement tacacs+ with two-factor if possible. ________________________________ From: NANOG <nanog-bounces+tim=mid.net@nanog.org> on behalf of Kevin Burke via NANOG <nanog@nanog.org> Sent: Friday, September 22, 2023 1:53 PM To: North American Network Operators Group <nanog@nanog.org> Subject: RE: TACACS+ server recommendations? Is anyone using two factor authentication for network devices? Getting ready to re-do our authentication infrastructure and was curious if this is common. We are noticing a lot of Active Directory based two factor solutions as well as some TACACS solutions that have already been mentioned that can use AD as the backend. Also curious if others have tried this and noticed any obvious downsides. Thanks! Kevin Burke 802-540-0979 Burlington Telecom 200 Church St, Burlington, VT