This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this solution

jambulo
L4 Transporter

‎03-07-2018 02:00 PM

What are you using for the first factor(what is your Duo Auth Proxy pointing to for the first factor)? Active Directory?

 

If using AD for the first factor, and Duo for the second factor, try this...

- Create an Authentication Profile in PA that uses LDAP and points to your Domain Controllers.

- Apply this LDAP Auth Profile to your Portal.

- Create an Authentication Profile in PA that uses RADIUS and points to your Duo Auth Proxy.

- Apply this RADIUS Auth Profile to your Gateway.

 

...with this configuration, users will authenticate to your Portal via AD only, and to your Gateway via Duo MFA.  I believe, after authenticating to the Portal, the GP agent will take the username/password used to authenticate to the Portal, and send them to the Gateway.  The expected behavior here is, the user should only have to enter in their password once, and their OTP once.  Or, if you save user credentials in GP, the only thing the user has to do is authenticate against the second factor.

View solution in original post

1 person found this solution to be helpful.
Who Me Too'd this solution
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks