Device > Server Profiles > Multi Factor Authentication
Use this page to configure a multi-factor authentication (MFA) server profile that defines how the firewall connects to an MFA server. MFA can protect your most sensitive resources by ensuring that attackers cannot access your network and move laterally through it by compromising a single authentication factor (for example, stealing login credentials). The firewall supports MFA only for end users, not firewall administrators. You can configure an MFA server profile for Duo v2, Okta Adaptive, and PingID MFA. After configuring the server profile, assign it to authentication profiles for the services that require authentication (see Device > Authentication Profile).
The complete procedure to configure MFA requires additional tasks besides creating a server profile.
Authentication sequences do not support authentication profiles that specify MFA server profiles.
If the firewall integrates with your MFA vendor through RADIUS, configure a RADIUS server profile (see Device > Server Profiles > RADIUS). The firewall supports all MFA vendors through RADIUS.
MFA Server Settings
Enter a name to identify the server (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
On a firewall that has more than one virtual system (vsys), select a vsys or the
Sharedlocation. After you save the profile, you cannot change its
Certificate Profilethat specifies the certificate authority (CA) certificate that the firewall will use to validate the MFA server certificate when setting up a secure connection to the server. For details, see Device > Certificate Management > Certificate Profile.
MFA Vendor / Value
Select an MFA vendor
MFA Vendorand enter a
Valuefor each vendor attribute. The attributes vary by vendor. Refer to your vendor documentation for the correct values.
Recommended For You
Recommended videos not found.