We're using Duo for MFA on Windows 10 logins and understand this creates a new credential provider in Windows along side Adaxes' Password Self Service (PSS) credential provider.
I have it worked out how to display both credential providers at the logon screen but as you know, using the PSS credential provider option bypasses the Windows logon Duo MFA requirement (The PSS link still works great though ).
I've read in other Adaxes posts and elsewhere that there is no way to merge the Duo MFA function with the Adaxes PSS Link without creating a custom credential provider and having the code for both apps. So forget that option.
My ask is, could Adaxes create an alternate credential provider that still presents the PSS Link BUT disables the Windows username and password field? Administators could choose between which Adaxes credential provider to use via Group Policy or local registry settings.
With this, the Duo credential provider would be only one capable of logging the user in and they would have the option to switch to use the altered Adaxes credential provider with the PSS link. Using the PSS link, user's can still be required to use 2FA with a Auth app or SMS code along with questions/answers.