Global Protect MFA with Microsoft Authenticator


L1 Bithead

Hi,

I am looking for a way to integrate Global Protect MFA with the Microsoft Authenticator app. Please note that I need to use the local user database of the firewall for the authentication and the Microsoft Authenticator app for the second factor.

 

Please help with this.

11 REPLIES

Cyber Elite

@zeromahesh,

I don't think this is going to be possible with Microsoft, since this is built out as a SAML authentication provider, unlike SecurID Access, Okta, Duo, and PingID, where you can use the built-in MFA vendor providers.

Hi BPry

 

Thank you for replying to me. But actually I came across a few articles where I thought it is possible. Please see one of the articles below and help me on this.

 

https://support.nvcc.edu/news/556/multifactor-authentication-mfa-for-globalprotect-vpn-and-retiremen...

@zeromahesh,

 

The document you referenced is almost certainly relying solely on their Microsoft authentication SAML provider. As stated, you're wanting to use local users as the initial factor and then use Microsoft as the secondary.
If you were using one of the built-in MFA vendors available through the firewall, what you’re attempting to do isn’t an issue. Microsoft isn’t included in that list though, meaning you have to utilize SAML authentication for this provider. While it's not impossible to do what you're asking, it’s more of a workaround and creates a poor user experience.

I guess what I would be asking myself in your shoes is why I’m using local users as the initial factor. What benefit is that giving you in your configuration, and why aren’t you just using the SAML provider? 

Hi Bpry

Can I use OKTA for MFA in Global Protect?

L1 Bithead

Just rolled this out using Azure and SAML to MFA. Also disabled users from approving or denying. Instead an OTP must be used. To my knowledge, you can't do this with a local database using Microsoft Authenticator.

Thanks for your reply. You can do this with Azure Active Directory P1 license and Microsoft Authenticator. Actually I implemented it.

Hi Zeromahesh

That's nice!!! Can you share the necessary configuration with me? Thank you.

Hi, thanks. I will share the demo on my YouTube channel Firewall Life.

Hi @zeromahesh 

Very good... I didn't find this video on your channel, please send the link to me.

Thank you.

@zeromahesh 

 

We are looking forward to your video, need to make this work too... thank you.

Hi,

 

Actually I recorded a demonstration on how to integrate Palo Alto Global Protect with Azure Active Directory with Two Factor authentication. Please check the below YouTube link.

https://youtu.be/GxRdPPsIHH8

 
