Because the only 2FA allowed was onelogin push. Don't ask me why.
They also used an "enterprise" VPN that was acquired by some larger company, was pretty much abandoned at that point and only worked with a proprietary client that took days to set up on Linux - this was fun for me and all my colleagues who ended at that sad company as a result of an acquihire and were 80% devs running linux.
Why not just a physical TOTP token? There's ones that do 100 Tokens, probably won't need more than that. Smartphone for 2fa seems overkill.
Because the only 2FA allowed was onelogin push. Don't ask me why.
They also used an "enterprise" VPN that was acquired by some larger company, was pretty much abandoned at that point and only worked with a proprietary client that took days to set up on Linux - this was fun for me and all my colleagues who ended at that sad company as a result of an acquihire and were 80% devs running linux.