To set up Offsite MFA logon, you need to complete the following steps
Set Agent Public URL
In the DualShield Admin Console, find the Windows Logon Agent in Authentication | Agents
Click its context menu
Select "Edit"
Enter the Agent's Public URL in the format "https://fqdn:14294/xmlrpc", e.g. https://mfa.fakestop.com:14294/xmlrpc
Click Save.
Important: if you have multiple Windows Logon Agents, then repeat the steps above on every Windows Logon Agent.
Publish Agent Public URL
The Windows Logon Agent works on HTTPS port 14294. You need to configure your corporate firewall so that port 14294 is accessible from the Internet, and that the traffic from the Internet coming to this port is forwarded to the server machine where the Windows Logon Agent is running.