AWS AD Connector MFA with NPS and PrivacyIDEA

I’ve set up AWS AD Connector and want to add MFA to it. According to AWS I need an MFA service to process the MFA token, and so I’ve found privacyIDEA.

I’ve downloaded the privacyIDEA ISO, set up the VM server, configured it to our AD, and configured the RADIUS part back to our NPS server, using this document, which seemed to be aligned with what I’m trying to achieve.

Have also registered a user from AD and assigned a token to that user. However, it’s not working: when I try to complete the AWS portion, it fails the configuration to the NPS/RADIUS server. I have confirmed network connectivity is working, e.g. I can get a response from the AWS side from NPS on UDP 1812, and the same from NPS to the privacyIDEA server.

Just wondering if what I’m trying to do is supported, and has anyone else managed to do this?

Many thanks

The link you sent to the AWS docs simply contains a RADIUS setup.
So this should work even with the FreeRADIUS server; no NPS needed.
But there are a lot of other things to set up, which will probably take some time and effort.
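The point of the reply is that AD Connector only needs a RADIUS server answering on UDP 1812, and the original poster has checked that a reply comes back. A UDP reply on its own does not show that the shared secret matches: a mismatched secret still produces a reply, just one the NAS cannot verify. The following is an added example (my own code, not the poster's configuration and not privacyIDEA, NPS or AWS code) that builds an RFC 2865 PAP Access-Request the way a NAS would, checks the Response Authenticator of the reply, and shows the three outcomes a practitioner sees while debugging such a chain against a constructed stand-in server. The shared secret, user name, password and the `radius-probe` NAS-Identifier are constructed values; `probe()` is the only function that touches the network and is not exercised by the demo.

```python
"""Minimal RFC 2865 RADIUS PAP probe (constructed example, not from the thread).
A reply on UDP 1812 is only meaningful if its Response Authenticator verifies
under the shared secret the NAS holds; this is the check AD Connector relies on."""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def pap_encrypt(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous
    block); the first block is keyed by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def pap_decrypt(secret: bytes, authenticator: bytes, ciphertext: bytes) -> bytes:
    """Inverse of pap_encrypt; the chaining value is the previous cipher block."""
    out, prev = b"", authenticator
    for i in range(0, len(ciphertext), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(ciphertext[i:i + 16], key))
        prev = ciphertext[i:i + 16]
    return out.rstrip(b"\x00")


def attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length includes the two header bytes."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs


def build_access_request(secret, username, password, ident, authenticator):
    attrs = (attr(ATTR_USER_NAME, username)
             + attr(ATTR_USER_PASSWORD, pap_encrypt(secret, authenticator, password))
             + attr(ATTR_NAS_IDENTIFIER, b"radius-probe"))  # constructed NAS name
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_response(secret, code, ident, request_authenticator, attrs=b""):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_authenticator + attrs + secret).digest() + attrs


def verify_response(secret, request_authenticator, response) -> bool:
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def classify(secret, request_authenticator, ident, response) -> str:
    """Outcome as the NAS sees it; 'bad-authenticator' is what a shared-secret
    mismatch (or a reply that is not for our request) looks like."""
    if not verify_response(secret, request_authenticator, response) or response[1] != ident:
        return "bad-authenticator"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(response[0], "code-%d" % response[0])


def probe(host, port, secret, username, password, timeout=3.0):
    """Send one real Access-Request and classify the reply; None on timeout."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(secret, username, password, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return classify(secret, req_auth, ident, data)


def simulated_server(secret, users, packet):
    """Constructed stand-in for NPS/privacyIDEA: decrypt PAP, answer Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:])
    given = pap_decrypt(secret, req_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    ok = hmac.compare_digest(users.get(attrs.get(ATTR_USER_NAME), b"\x00"), given)
    return build_response(secret, ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth)


def demo():
    """Correct secret and password, wrong password, and a secret mismatch (all offline)."""
    secret, users = b"constructed-shared-secret", {b"alice": b"correct horse"}
    ident, req_auth = 7, os.urandom(16)
    packet = build_access_request(secret, b"alice", b"correct horse", ident, req_auth)
    good = classify(secret, req_auth, ident, simulated_server(secret, users, packet))
    wrong_pw = classify(secret, req_auth, ident, simulated_server(secret, {b"alice": b"other"}, packet))
    mismatch = classify(secret, req_auth, ident, simulated_server(b"different-secret", users, packet))
    return good, wrong_pw, mismatch  # ('accept', 'reject', 'bad-authenticator')


if __name__ == "__main__":
    print(demo())
```

The third outcome is the one worth knowing when a RADIUS hop "responds" but the configuration step still fails: the server answers, but with a Reject whose authenticator was computed under a different secret, so the NAS discards it as if nothing usable came back. Running `probe()` from the NPS host against the privacyIDEA server, and from a host in the AD Connector's subnet against NPS, separates a secret mismatch on one hop from a token or user-mapping problem on the other.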