I saw the announcement that they were going to start requiring MFA for logging in on the Palo Alto websites and it mentions a code via email, however, I was already set up to use an authenticator app for this. When I went to log in today, it seems to be ignoring my account settings and doing the email code every time. I tried switching to the email method, saving, and then changing back to the authenticator option and saving again but it still seems to only give me the option to email a code at login.
Is anyone else running into this too?
Internally I've had to reset my preferences 2 different times. Before you login, where you type your email, click the blue "get help" button to open a case, have them reset your preferences, and try it that way. Sometimes the frontend doesn't talk so good to the backend.
This is what I got from palo support.
Users may be asked to change their passwords in order to meet the new password policies.
MFA will be enforced for all customers, irrespective of the product or the application they are trying to access
Why am I being prompted for MFA?
MFA is enforced for all customers and partners irrespective of what application or product is accessed
What are the MFA factors that are currently supported with this change?
Only Email is supported and more MFA factors will be added in the future (Eg: Google Authenticator)
I currently use Google Authenticator as an MFA factor. Will it continue to work?
Unfortunately, No. Once we support the Google Authenticator on Okta, it will have to re-registered since there is no way to port over the data
Can a customer account be exempted from MFA?
No, this is no longer an option. A valid business justification will be required for an exemption, which will then be reviewed with the Information Security team to assess the risk of doing so.
Why am I being prompted for password change?
Customers are prompted to change if their current password does not comply with new password standards
How often do I need to change my password?
Every 365 days from the last time the password has been changed
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!