Device > Server Profiles > Multi Factor Authentication
Use this page to configure a multi-factor authentication
(MFA) server profile that defines how the firewall connects to an
MFA server. MFA can protect your most sensitive resources by ensuring
that attackers cannot access your network and move laterally through
it by compromising a single authentication factor (for example, stealing
login credentials). After configuring the server profile, assign
it to authentication profiles for the services that require authentication
(see Device
> Authentication Profile).
For the following authentication use cases, the firewall integrates
with multi-factor authentication (MFA) vendors using RADIUS and
SAML:
- Remote user authentication through GlobalProtect™ portals and gateways.
- Administrator authentication in the PAN-OS and Panorama™ web interface.
- Authentication through Authentication policy.
Additionally, the firewall can also integrate with MFA vendors using the API to enforce MFA through
Authentication policy for end-user authentication only (not for
GlobalProtect authentication or administrator authentication).
The complete procedure
to configure MFA requires additional
tasks besides creating a server profile.

Authentication sequences
do not support authentication profiles that specify MFA server profiles.
If
the firewall integrates with your MFA vendor through RADIUS, configure
a RADIUS server profile (see Device
> Server Profiles > RADIUS). The firewall supports all MFA
vendors through RADIUS.
MFA Server Settings | Description |
---|---|
Profile Name | Enter a name to identify the server (up
to 31 characters). The name is case-sensitive and must be unique.
Use only letters, numbers, spaces, hyphens, and underscores. |
Location | On a firewall that has more than one virtual
system (vsys), select a vsys or the Shared location.
After you save the profile, you cannot change its Location . |
Certificate Profile | Select the Certificate Profile that
specifies the certificate authority (CA) certificate that the firewall
will use to validate the MFA server certificate when setting up
a secure connection to the server. For details, see Device
> Certificate Management > Certificate Profile. |
MFA Vendor / Value | Select an MFA vendor MFA Vendor and
enter a Value for each vendor attribute.
The attributes vary by vendor. Refer to your vendor documentation
for the correct values.
|
Recommended For You
Recommended Videos
Recommended videos not found.