Palo Alto Networks Knowledgebase: How to Enable Two Factor Authentication
How to Enable Two Factor Authentication
Created On 03/07/19 13:26 PM - Last Updated 03/07/19 13:30 PM
Two Factor Authentication (2FA) is provided as an option for Customer Support Portal.
All account super users will have the ability to enable 2FA at the account level. If 2FA is not enabled at the account level, individuals may turn on the option for their own user accounts by clicking user name > My Profile > Security Settings> Enable 2 Factor Authenication.
Listed below are some frequently asked questions on this new feature.
How to enable Two Factor Authentication (2FA) at the Account level in the Customer Support Portal
Two Factor Authentication can only be enabled at the account level by someone with Super User permisions. To enable Two Factor Authentication at the account level, follow the steps outlined below:
Login to the Palo Alto Networks Customer Support Portal and navigate to the Company Account tab.
You may enable and disable Two Factor Authentication for your account under Security Settings as shown below: Note: Once users are enrolled, they will be notified via email that they are enrolled in 2 Factor Authentication to log into the Palo Alto Networks support site. Once 2FA is enabled by a Super User, all members of the account will be automatically enrolled. Also see How to Enable Google Authenticator
If I am member of multiple CSP accounts, what will my 2FA experience be?
If a user is a member of multiple accounts, one of which has 2FA enabled for Cloud Services, then the user will be prompted for 2FA every time they login to the Customer Support Portal. If a user does not have access to any Cloud Services accounts, 2FA will not be enabled for that user.
What happens when 2FA is turned off and who can turn off 2FA at the account level?
Only Super Users can disable 2FA by unchecking the "Enable 2 Factor Authentication "checkbox under Security Settings as shown:
Am I automatically unenrolled in 2FA if the Super User of my account disabled 2FA?
No, if a Super User disables 2FA at the account level, users will not be automatically unenrolled. Users are given the option to continue using 2FA or disable it themselves.
How can a user who is not a super user of an account disable 2F login?
2FA can be disabled by an individual account member only if the Super User has disabled it at the account setting. Once disabled at the account level, individual members may disable 2FA via the Edit Profile page on the top right section of the CSP page as shown below:
For a full list of other Support Portal User Documents, please click here: