https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998692#M6263 <P>Hi Jay,</P> <P>Thank you for reply.&nbsp;</P> <P>&nbsp;</P> <P>Are you deploying GlobalProtect for the first time?&nbsp;</P> <P>No, we are already using Global Protect on user laptops and ipads.&nbsp;</P> <P>&nbsp;</P> <P>Do you already have an MFA solution in place (Duo, Okta, Azure MFA, or another provider)?</P> <P>Not really&nbsp;</P> <P>&nbsp;</P> <P>Are you looking to keep LDAP as the primary authentication and add MFA as a secondary step?</P> <P>Yes, I think we will keep LDAP as primary&nbsp;</P> <P>&nbsp;</P> <P>Do you have a preference on using TOTP-based auth (Microsoft Authenticater/RSAGoogle Authenticator), push-based (DUO/OKTA), SMS code/Email?</P> <P>As of now we are thinking to go for TOTP based Auth (Microsoft of Google Authenticator as users already using as part of their Email</P> <P>&nbsp;</P> <P>Thank you.</P> <P>Regards</P> <P>Hina</P> Tue, 17 Dec 2024 22:35:22 GMT Hina-Jabeen 2024-12-17T22:35:22Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998413#M6241 <P>Hi All,</P> <P>We want to enable the login of users to Global Protect via MFA to code on phone or via Auth App.</P> <P>As of now users are getting 1st Auth as the LDAP Profile</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 15 Dec 2024 23:24:05 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998413#M6241 Hina-Jabeen 2024-12-15T23:24:05Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998680#M6258 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/254474">@Hina-Jabeen</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for reaching out!&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I have a few questions:</P> <P>&nbsp;</P> <P>Are you deploying GlobalProtect for the first time?&nbsp;</P> <P>Do you already have an MFA solution in place (Duo, Okta, Azure MFA, or another provider)?</P> <P>Are you looking to keep LDAP as the primary authentication and add MFA as a secondary step?</P> <P>Do you have a preference on using TOTP-based auth (Microsoft Authenticater/RSAGoogle Authenticator), push-based (DUO/OKTA), SMS code/Email?&nbsp;</P> <P>&nbsp;</P> Tue, 17 Dec 2024 21:15:44 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998680#M6258 JayGolf 2024-12-17T21:15:44Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998692#M6263 <P>Hi Jay,</P> <P>Thank you for reply.&nbsp;</P> <P>&nbsp;</P> <P>Are you deploying GlobalProtect for the first time?&nbsp;</P> <P>No, we are already using Global Protect on user laptops and ipads.&nbsp;</P> <P>&nbsp;</P> <P>Do you already have an MFA solution in place (Duo, Okta, Azure MFA, or another provider)?</P> <P>Not really&nbsp;</P> <P>&nbsp;</P> <P>Are you looking to keep LDAP as the primary authentication and add MFA as a secondary step?</P> <P>Yes, I think we will keep LDAP as primary&nbsp;</P> <P>&nbsp;</P> <P>Do you have a preference on using TOTP-based auth (Microsoft Authenticater/RSAGoogle Authenticator), push-based (DUO/OKTA), SMS code/Email?</P> <P>As of now we are thinking to go for TOTP based Auth (Microsoft of Google Authenticator as users already using as part of their Email</P> <P>&nbsp;</P> <P>Thank you.</P> <P>Regards</P> <P>Hina</P> Tue, 17 Dec 2024 22:35:22 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/user-vpn-global-protect-with-mfa-as-code-or-authenticator-app/m-p/998692#M6263 Hina-Jabeen 2024-12-17T22:35:22Z