We have Cyberark integrated with CA SSO 12.7 (using SAML) now we have requirement to implement Azure cloud MFA.
Earlier CA suggested the given below flow :
CA SSO will challenge the user for Credentials. CA SSO Web Agent will collect the user name / password / token.
CA SSO Policy Server will validate the username / password with onPremise AD.
CA SSO Policy Server will make a call to NPS using Radius Protocol to validate the Token.
NPS will speak with Azure MFA on Cloud to validate Token and pass a response back to CA SSO Policy Server.
CA SSO Policy Server based on the response back from NPS / Azure MFA; will take a final call whether user is authentication OR not.
If all is success, then CA SSO Policy Server would send IsAuthenticated() success to CA SSO Web Agent.
So we need need help in uderstanding the point 3,4 &5.