I have a couple of questions regarding a client in Italy. It is implementing an insurance application in Pega Cloud. The first question. For the employee, they want to use the Pega UI (I suppose UIKit, but could be also Cosmos). Employee are into the client network which is connected to Pega cloud through a VPN. The client's customers do not connect directly Pega, instead they connect a portal which communicates with Pega through the DX APIs. This architecture is already in place. They are asking if it is possible to expose to the internet only the DX APIs and expose the Pega UI only through the VPN. The second question. Suppose to expose also the employee to the internet, they want to use strong authentication mechanisms like two-factor authentication. I see that the platform has a multi-factor authentication which sends the OTP password by email, but they want to use mechanisms like time-OTP (like Google authenticator) or pushing notifications to authorized devices (like Microsoft authenticator). They would also be able to revoke the authorization to devices. Is this requirement addressed by Pega? Or should this requirement implemented by an external authentication provider integrated with Pega (through SAML or OAuth)?