topic Re: MFA on Prisma Cloud Compute Edition in Prisma Cloud Discussions https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/mfa-on-prisma-cloud-compute-edition/m-p/539709#M928 <P>Hi Samson,</P> <P>The best way to accomplish this is with the following combination features/configurations:<BR /><BR /></P> <OL> <LI>Limit your local database users to what I'll call only "emergency admins" so there is still access if SSO fails.</LI> <LI>Configure RBAC so that your non-admin users will not have access to any User, Group, or Authentication related options</LI> <LI>Configure your SSO Sign-out URL to be the login page of your SSO portal instead of the login page of Compute <OL> <LI>For example, in the case of using Okta for SAML integration, you could enter "<A href="https://mycompany.okta.com" target="_blank">https://mycompany.okta.com</A>"</LI> </OL> </LI> </OL> <P>&nbsp;</P> <P>I hope this helps! Please let me know!</P> <P>Regards,</P> Fri, 21 Apr 2023 14:21:45 GMT CloudEngineer 2023-04-21T14:21:45Z MFA on Prisma Cloud Compute Edition https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/mfa-on-prisma-cloud-compute-edition/m-p/539411#M925 <P>We need to enforce MFA to log in to the twistlock console.</P> <P>&nbsp;</P> <P>Is it possible to do that on the Cloud Compute Edition (self-hosted)?</P> Wed, 19 Apr 2023 18:02:57 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/mfa-on-prisma-cloud-compute-edition/m-p/539411#M925 samson.c 2023-04-19T18:02:57Z Re: MFA on Prisma Cloud Compute Edition https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/mfa-on-prisma-cloud-compute-edition/m-p/539709#M928 <P>Hi Samson,</P> <P>The best way to accomplish this is with the following combination features/configurations:<BR /><BR /></P> <OL> <LI>Limit your local database users to what I'll call only "emergency admins" so there is still access if SSO fails.</LI> <LI>Configure RBAC so that your non-admin users will not have access to any User, Group, or Authentication related options</LI> <LI>Configure your SSO Sign-out URL to be the login page of your SSO portal instead of the login page of Compute <OL> <LI>For example, in the case of using Okta for SAML integration, you could enter "<A href="https://mycompany.okta.com" target="_blank">https://mycompany.okta.com</A>"</LI> </OL> </LI> </OL> <P>&nbsp;</P> <P>I hope this helps! Please let me know!</P> <P>Regards,</P> Fri, 21 Apr 2023 14:21:45 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/mfa-on-prisma-cloud-compute-edition/m-p/539709#M928 CloudEngineer 2023-04-21T14:21:45Z