First, download and setup a WiKID Strong Authentication Server. Follow the installation manual. Finally, add the Cyberroam as Network Client on the WiKID server using the RADIUS protocol.
Then configure the Cyberroam:
Go to Identity > Authentication > Authentication Server and click Add to configure RADIUS Server parameters. You will see the box below:
For Server Type, choose RADIUS.
Give the Server a name.
Specify the IP address of the RADIUS server. This would be the WiKID server if you are going direct or NPS or another RADIUS server if you are using one.
The Authentication port is 1812.
Enter a shared secret This secret must be the same as you enter on the WiKID server or RADIUS server.
Integration type. Use Loose if you are going direct to WIKID.
Click on Test Connection and enter your WiKID username and the WiKID one-time passcode (OTP) from your software token to test your connection (Assuming you have added the Cyberroam as a Network Client on WiKID. Please see this post for information on troubleshooting your RADIUS configuration.)
If connection is successful, click OK to save the configuration.
Next, go to Identity > Authentication > Firewall and select RADIUS Server as primary authentication server.
Click Apply.
That's it. You should now be able to go to the SSL portal and login with your WiKID Credentials.
Reminder: If you are doing 2FA for PCI compliance, you should also be doing 2FA for non-console administrative access.