Thanks so much for the detailed post. I have 1 question (maybe more later).
What is the behavior for authentication on this system when the user is off the network? I'm thinking specifically of laptop users who may take their laptop home and work offline (or off of VPN).
Thanks in advance.