Please note that unlike Windows workstations, this does not enforce 2-factor authentication for mobile accounts when the workstation is offline, nor for FileVault full disk encryption. At boot time, the FileVault logon will still just be the user's AD password. Also, when the machine is offline, the mobile account will allow logon with just the AD password as well.
Please note that Apple does not allow third party code to extend the "screen saver unlock" UI as of OS version Catalina. Therefore in our plugin build 1.4 we disabled this feature to prevent the "black screen" problem upon unlock. This means in order to unlock the machine from screen saver, the user has to ignore the unlock dialog and click "Switch User" instead.
When AuthLite is configured properly on the server side, the user will still require a 2-factor logon in order to obtain a Kerberos ticket and network logon credentials.