03-04-2025 07:08 PM
Hi
Hope this is still relevant here as we are using PAN SSO to sign into Cortex XDR.....
I would like to know if we have an option to disable email MFA if we have other active options enabled e.g. TOTP or Windows Hello.
I would have guess this would be a no - as the MFA email would be always required as a fallback option.
We are designing some strict access control on a certain account and would like to explore disabling email OTP is actually doable.
Thanks
Tum
03-05-2025 07:22 AM
Hi @tmeksik, thanks for reaching us using the Live Community.
You can change your MFA settings in the CSP portal, under "My Profile" you will find a link to check the MFA configuration.
If the provided SSO configuration doesn't meet your requirements, you can configure your own IDP with this procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZ8mCAE
If this post answers your question, please mark it as the solution.
03-05-2025 11:40 AM
Hi @jmazzeo
We wouldn't go with our own IdP for this.
I am aware of MFA settings under "My Profile". You can configure Okta, hw token, and Google authenticator there. What I cannot find is a way to disable Email option - if at all possible? It is fine the way it is - I just wanted to know if it is possible to disable it.
The KB page here also didn't include this info https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN9CAK
Thanks
Tum
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
