https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246451#M7250 <P>our GP is configured for RSA token authentication and a user certificate.&nbsp; we want to replace using user certs with a biometric authentication.</P> Fri, 23 Jan 2026 16:35:09 GMT Mike_Canfield 2026-01-23T16:35:09Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246443#M7246 <P>with GP auth, is it possible to do RSA authentication along with biometric auth?&nbsp; we would like to replace certificate auth with biometric.</P> Fri, 23 Jan 2026 16:15:18 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246443#M7246 Mike_Canfield 2026-01-23T16:15:18Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246444#M7247 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/109038">@Mike_Canfield</a>,</P> <P>Not entirely positive on your full goal here, but if you're using RSA as a SAML provider you can modify the Access Policy to a 2.0 policy and enforce both a primary authentication process alongside a secondary process which is&nbsp;<EM>probably&nbsp;</EM>what you're intending to do for authenticating connections.&nbsp;</P> Fri, 23 Jan 2026 16:21:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246444#M7247 BPry 2026-01-23T16:21:09Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246451#M7250 <P>our GP is configured for RSA token authentication and a user certificate.&nbsp; we want to replace using user certs with a biometric authentication.</P> Fri, 23 Jan 2026 16:35:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-and-multi-factor-auth/m-p/1246451#M7250 Mike_Canfield 2026-01-23T16:35:09Z