DUO MFA Client/Agent in the context of Citrix Provisioning Services (PVS) read-only image

Just curious if anyone is familiar with this product but in the context of deployment to Citrix solution that leverages Citrix Provisioning Services advanced streaming technology.

The documentation from the vendor is written in the context of Terminal Services which has no relation to streaming 1000 read only images from a single virtual disk (vhdx).

Almost all of these types of agents whether anti-virus or whichever require a unique installation switch or a “seal script” modification to compensate for the base image having one unique name but then spinning up read-only instances in RAM where each instance has it’s own unique name, IP, MAC so on and so forth.

This might be a specific regkey or value wipe, INI file modification, so forth but it is almost never as simple as installing the agent to the base image and cross your fingers.

It is one thing to deploy the client to a single server OS but this is more like Z-Linux where you have one base image that has one name, one IP, MAC and all that I’ve stated and when these boot up they get a DHCP Address where MAC reservations are static and I’m using a boot drive partition as opposed to PXE/TFTP or ISO Boot.

The vendor documentation references Terminal Services which has zero relation to a Citrix VDA image with TS Enabled but spinning read-only instances of that one image to RAM and each having their own unique identifiers. I’m already seeing issues just having it installed in the base image so I can’t help but wonder what will happen when we start spinning up read only iterations of that base image?

I can’t seem to find anything relative on Google or this forum or Reddit related to DUO 2 factor MFA installed to the Citrix VDA in order to use this for MFA on other internal hosted applications such as SAP and SAS and JDA where the entire company must go through Citrix first to access any business application.

100% Citrix environment split between two data centers and active/active. NetScaler SDX (4 at each DC). I’m somewhat dependent on the consultants hired to assist with the implementation but they do not seem to have a clue relative to what Citrix PVS is and how it is exceptionally unique.