MFA Vendor Support

Review the multi-factor authentication (MFA) vendors with which Palo Alto Networks Next-Generation Firewalls and Panorama™ appliances can integrate.
Palo Alto Networks Next-Generation Firewalls and Panorama™ appliances can integrate with multi-factor authentication (MFA) vendors using RADIUS and SAML. Firewalls can additionally integrate with specific MFA vendors using the API to enforce MFA through Authentication policy.
Authentication Use Case
RADIUS (any vendor)
TACACS+ (any vendor)
SAML
(any vendor)
MFA Server Profile
Next-Generation Firewall and Panorama Administrator Web Interface
green-check-mark.png
green-check-mark.png
green-check-mark.png
Next-Generation Firewall and Panorama Administrator CLI
green-check-mark.png
green-check-mark.png
GlobalProtect™ Portal and Gateway Authentication
green-check-mark.png
green-check-mark.png
green-check-mark.png
Authentication Policy
(Formerly Captive Portal Policy)
green-check-mark.png
green-check-mark.png
green-check-mark.png
green-check-mark.png
Vendor / Min. Content Version
*
  • RSA SecurID Access / 752
  • PingID / 655
  • Okta Adaptive / 655
  • Duo v2 / 655
*
Palo Alto Networks provides support for MFA vendors through Applications content updates, which means that if you use Panorama to push device group configurations to firewalls, you must install the same Applications release version on managed firewalls as you install on Panorama to avoid mismatches in vendor support.

Recommended For You