CF Access can not protect plesk access

I use Access for a few applications. I have some critics and would like to know if my critics is valid or not:

1. I can not protect pleask url as it has :8443 in domain?
2. Why does access not support OTP provider like Google Authenticator APP? Is it not possible to sniff a email port somehow?

To use Access with a non-standard port you can proxy traffic to the non-standard port using Argo Tunnel. The public facing URL must not contain the port number.

Access will work with most commonly used Identity providers, and you can enforce whatever 2FA you need there. Consult the documentation here. I consider the One Time Pin only for completely external, unmanaged users. All corporate users just use their normal, every-day accounts.