07-14-2023 04:50 AM
Dear Team,
Please help me understand can we configure TOTP Google Authenticator(Free) for Global Project VPN users
we have configured Global Protect VPN with AD authentication and want to configure the above solution.
Thanks in Advance
Regards
Sandip Kumbhar
07-16-2023 06:49 PM
Hi @SandipKumbhar ,
PAN-OS does not support Google MFA natively -> https://docs.paloaltonetworks.com/compatibility-matrix/mfa-vendor-support/mfa-vendor-support-table#i....
One solution that you can use is a RADIUS server that supports both LDAP and Google TOTP, e.g. https://sysopstechnix.com/enable-2fa-on-freeradius-with-openldap-users/. I just Googled that one. I have not used it.
On the NGFW, all you do is configure the RADIUS server for GlobalProtect. Check out the diagram in the 2nd URL. If you do not want users to get prompted twice for MFA (portal and gateway), you can (1) enable authentication cookies or (2) use RADIUS for the portal and LDAP for your gateway.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
