I just upgraded APM from 12.1.2 HF2 to 18.104.22.168. One major reason was to allow users to add their VPN account into Citrix Receiver and log in through APM without having to use a webtop or go through endpoint inspection, etc. I tried using the Citrix 2.4.3 iApp template to get it to work, but I could only get a login box that provided a single password box (vs the additional passcode box needed for the 2fa).
I was finally able to fix the issue but removing the logon page object from the access policy and use the Citrix Logon Prompt object along with setting it to use 2 factor authentication. Here's what it looks like:
This works so well! I put in a ticket to see about having the iApp template updated, but I thought I'd pass it along to anyone that may need some help with it!
This is what the Password Variable object has in it:
Basically it is reassigning the password variable from the password1 variable passed from the login form.
One thing to note is that the iApp template doesn't assign the variable as secure. You may need to go in and do that as well.