If I want to enable 2FA with vCenter Server (using RSA SecurID), but keep a single local authentication account for backup/emergency purposes, is this possible? My concern is that if RSA/2FA fails, I would be locked out. Thanks,
I would recommend you protect vCenter with ADFS, then do 2FA within your preferred IDaaS (e.g. Azure AD) by setting that IdP as a Claims Provider Trust within ADFS. That way, your IdP does the authentication (not ADFS). Conditional access policies within your IDaaS will give you the 2FA you're looking for.
Once done, the UX will be as follows:
Post reported to moderators; since there is an area of the Communities for vCenter Server, it should now get moved.