If you try to access a Windows Logon Agent, or the Windows Credential Provider with Offline Caching mode enabled you see the error "invalid passcode used".
Offline caching mode was designed to work with Standard Users who have tokens assigned to their account. Although it will work with grouped, it will only cache the LAST member of the group who logged in. So in cases where a different grouped user may log in, the hashed passcode list will never match, and therefore will never be able to authenticate offline to any other grouped user member.
Offline caching mode will NOT work with proxied users. When an AuthAnvil Two Factor Auth server authenticates a proxied user, the server that the authentication is delegated to only returns a true/false. It does not return the list of authentication hashes that offline caching mode requires.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .