If users have previously connected to Retain using MFA, they can still log in to Retain using MFA, provided that
The NetIQ Advanced Authentication service is online and accessible to Retain.
The LDAP identity repositories configured in NetIQ AA are still accessible to it.
The users needing access are able to use offline access. See Authentication Method
in the Retain 4.10: Configuration and Administration guide.