MFA on the Palo Support Portal?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MFA on the Palo Support Portal?

L4 Transporter

I saw the announcement that they were going to start requiring MFA for logging in on the Palo Alto websites and it mentions a code via email, however, I was already set up to use an authenticator app for this.  When I went to log in today, it seems to be ignoring my account settings and doing the email code every time.  I tried switching to the email method, saving, and then changing back to the authenticator option and saving again but it still seems to only give me the option to email a code at login.

 

Is anyone else running into this too?

1 ACCEPTED SOLUTION

Accepted Solutions

Possibly cannot.

The only way to change the default 2FA method to others is login to the following website which required individual user credential.  It seems it's a per-user options.
https://sso.paloaltonetworks.com/enduser/settings

Life is full of surprise,
Just embrace it!

View solution in original post

13 REPLIES 13

L5 Sessionator

Internally I've had to reset my preferences 2 different times. Before you login, where you type your email, click the blue "get help" button to open a case, have them reset your preferences, and try it that way. Sometimes the frontend doesn't talk so good to the backend. 

Help the community! Add tags & mark solutions please.

Ok thanks.. we may have to do that.  I just went in there again and I was able to re-enroll in the Google Authenticator method successfully but the login process still seems to be ignoring it and going to the email code.

L2 Linker

@jsalmans were you able to re-enroll? for me it's not even show options to re-enroll. Get it going with email for now waiting to hear back from support. 

L2 Linker

This is what I got from palo support. 

Users may be asked to change their passwords in order to meet the new password policies.
MFA will be enforced for all customers, irrespective of the product or the application they are trying to access


Why am I being prompted for MFA?
MFA is enforced for all customers and partners irrespective of what application or product is accessed

What are the MFA factors that are currently supported with this change?
Only Email is supported and more MFA factors will be added in the future (Eg: Google Authenticator)

I currently use Google Authenticator as an MFA factor. Will it continue to work?
Unfortunately, No. Once we support the Google Authenticator on Okta, it will have to re-registered since there is no way to port over the data

Can a customer account be exempted from MFA?
No, this is no longer an option. A valid business justification will be required for an exemption, which will then be reviewed with the Information Security team to assess the risk of doing so.

Why am I being prompted for password change?
Customers are prompted to change if their current password does not comply with new password standards

How often do I need to change my password?
Every 365 days from the last time the password has been changed

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!