If I need to use two factor authentication with ZPA is it possible?
ZPA is inherently multi-factor, regardless of how the user authenticates, because access to applications requires both a SAML assertion and unique device identity (combination of device certificate and fingerprint).
Also, any authentication back-end that has SAML Identity Provider support (i.e. can generate a SAML assertion after the user authenticates) will work with ZApp for ZPA. So - in addition to being able to use any IdP which has an MFA option, you can also use any MFA which has an IdP option (e.g services like OneLogin).
I used this with an account and it was well received