Hello,

I'm trying to think of the best way to enable RSA 2FA on Vmware Horizon 6 without affecting all users. Only a small number of users are currently setup on RSA so I don't want all users being prompted for a token etc. There is only the option to turn on or off, no additional options. We have 2 connection servers which are behind a load balancer. If I enable RSA on either of these connection servers then some users will hit the RSA enabled one. What I ideally want is an option to only challenge users in a specif AD group for RSA 2FA login. Another idea is to add a 3rd connection server for test purposes and enable RSA 2FA on it, separate to the load balanced pool. Is it safe to add another connection server (non replica)?

What is the best way to achieve this (if there is a better way, let me know)?