Can we configure a single instance of PAM to work with RADIUS servers from multiple MFA solutions?

Document ID : KB000103163
Last Modified Date : 26/06/2018
Question:
Can we configure a single instance of PAM to work with RADIUS servers from multiple MFA solutions?
Example:
1) RADIUS1 server for authenticating internal users, via CA Advanced Authentication
2) RADIUS2 for authenticating vendors/external users, via Azure MFA
Environment:
Any CA PAM appliance, up to CA PAM 3.2, which is the latest version at the time of this document.
Answer:
You can add multiple RADIUS servers in a single configuration, but you cannot configure RADIUS authentication through multiple MFA services. This is due to a limitation in our ability to direct communications to a subset of the RADIUS servers defined in our configurations. If you configure multiple RADIUS servers, CA PAM will send the requests to each of the RADIUS servers in the order specified.
Additional Information:
Simply put, there is currently no method to define specific RADIUS servers to be used only with a specific set of users. If you require this, an enhancement request should be made through our Communities site:
https://communities.ca.com/community/ca-security/ca-privileged-access-management/content?filterID=contentstatus%5Bpublished%5D%7Ecategory%5Bca-privileged-access-manager%5D