If an organization has certificates for all users, they can use the certificate mode of authentication.
Those organizations which have eDirectory users can use NMAS for authentication.
Users from different places having users in LDAP in a central location can use the NMAS LDAP method.
The services also allow you to granularize authentication policy to the individual user level and traffic rules for individual user as well as individual resource level.
During configuration the updated information in the eDirectory can be verified. Once a service is configured we can open eDirectory for the service using iManager or cross check eDirectory.
IMPORTANT:Once the information in eDirectory is updated, make sure it is read by VPN modules. Use _vpn on the server console and see the different configured services.
Usage of encryption is according to the requirement of the organization. With slow links encryption helps only for specific services.