Can we configure a single instance of PAM to work with RADIUS servers from multiple MFA solutions?
Ex: 1) RADIUS1 server for authenticating internal users, via CA Advanced Authentication
2) RADIUS2 for authenticating vendors/external users, via Azure MFA
Any CA PAM appliance
up to CA PAM 3.2 which is the latest at the time of this document
You can add multiple radius servers in a single configuration but you cannot configure radius authentication through multiple MFA services. This is due to a limitation in our ability to direct communications to a subset of the defined radius servers in our configurations. If you configure multiple radius servers, CA PAM will send the requests to each of the radius servers in the order specified.
Simply put there is no method currently to define specific radius servers to only be used with a specific set of users. If you require this an Enhancement request should be made through our Communities Site