Palo Alto Networks Knowledgebase: How to Enable Two Factor Authentication

How to Enable Two Factor Authentication

6861
Created On 06/05/19 15:19 PM - Last Updated 06/05/19 15:21 PM
MFA CSR Customer Support Portal Authentication
Symptom
Two Factor Authentication (2FA)  is provided as an option for Customer Support Portal.

Environment
Customer Support Portal

Resolution

All account super users will have the ability to enable Two-Factor Authentication (2FA) at the account level. If 2FA is not enabled at the account level, you may set the option by navigating to: My Profile > Security Settings > Enable Two-Factor > select Enable as shown: 

My profile security settings in CSP

Listed below are some frequently asked questions on this new feature.

How to enable Two-Factor Authentication (2FA) at the account level in the Customer Support Portal

Two-Factor Authentication can only be enabled at the account level by someone with Super User permissions. To enable Two-Factor Authentication at the account level, follow the steps outlined below:
 

  1. Login to the Palo Alto Networks Customer Support Portal and navigate to the Company Account tab.
  2. You may enable and disable Two-Factor Authentication for your account under Security Settings 

Enabling 2 factor authentication in security settings


NOTE: Once you are enrolled, they will be notified via email that they are enrolled in Two-Factor Authentication to log into the Palo Alto Networks support site. Once 2FA is enabled by a Super User, all members of the account will be automatically enrolled.  


Also See: How to Enable Google Authenticator 

If I am member of multiple CSP accounts, what will my 2FA experience be?
If a user is a member of multiple accounts, one of which has 2FA enabled , then the user will be prompted for 2FA every time they log in to the Customer Support Portal. 


What happens when 2FA is turned off and who can turn off 2FA at the account level?
Only Super Users can disable 2FA by unchecking Enable 2 Factor Authentication under Security Settings.
CSP-SecuritySettings.png


Am I automatically unenrolled in 2FA if the Super User of my account disabled 2FA?
No. If a Super User disables 2FA at the account level, users will not be automatically unenrolled. Users are given the option to continue using 2FA or disable it themselves.


How can a user who is not a super user of an account disable 2FA login?
2FA can be disabled by an individual account member only if the Super User has disabled it at the account setting. Once disabled at the account level, individual members may disable 2FA via the Edit Profile page on the top right section of the CSP page.
My Profile in CSP

 



Additional Information

See Also
HOW TO ENABLE GOOGLE AUTHENTICATOR

For a full list of other Support Portal User Documents, review Customer Support Portal User Documents.


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN9CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language