I would like to use a two-factor authentication for the administrators when they access the PAN-500 web console.
With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?
I'm currently running PAN-OS 7.1.2 on a PA-200 and recently added Two-factor Authentication for administrator account logins using the Duo Security 2FA system. Here's a link to the web site that describes how to set up 2FA with the GlobalProtect VPN. https://duo.com/docs/paloalto
If you follow all of the steps from the beginning through "Add an Authentication Profile", you will just need to add the new DuoRADIUS Authenication Profile to the administrator accounts that you would like to have authenticated via Two-factor Authentication.
It works GREAT!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!