Global Protect MFA with Google Authenticator

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect MFA with Google Authenticator

L0 Member

Dear Team, 

 

Please help me understand can we configure TOTP Google Authenticator(Free) for Global Project VPN users 

we have configured Global Protect VPN with AD authentication and want to configure the above solution.

 

Thanks in Advance 

 

Regards 

Sandip Kumbhar

Regards
Sandip Kumbhar
1 REPLY 1

Cyber Elite
Cyber Elite

Hi @SandipKumbhar ,

 

PAN-OS does not support Google MFA natively -> https://docs.paloaltonetworks.com/compatibility-matrix/mfa-vendor-support/mfa-vendor-support-table#i....

 

One solution that you can use is a RADIUS server that supports both LDAP and Google TOTP, e.g. https://sysopstechnix.com/enable-2fa-on-freeradius-with-openldap-users/.  I just Googled that one.  I have not used it.

 

On the NGFW, all you do is configure the RADIUS server for GlobalProtect.  Check out the diagram in the 2nd URL.  If you do not want users to get prompted twice for MFA (portal and gateway), you can (1) enable authentication cookies or (2) use RADIUS for the portal and LDAP for your gateway.

 

Thanks,

 

Tom

 

 

Help the community: Like helpful comments and mark solutions.
  • 3290 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!