I'm looking for additional information on how to setup RSA for off Domain Access to a PC.
Right now when I'm at home/off the domain I have to login to my device with a local account to gain access to my remote software. We currently do not allow cashed credentials on our devices.
From my understanding we would have to allow the cashing of one set of AD credentials so the user could Authenticate with RSA off the domain. I have gone through a lot of the documentation and the off network policy seems interesting and appears that is what we would use but I don't fully understand how this works and what all the settings mean. It doesn't seem right that we would be able to do this without any of our on premises RSA servers facing externally.
Our Goal is to make users that are taking devices home to work remotely to have to use two factor authentication to be able to login. Can you point me in the direction of any documentation you may have that could assist me in this.