How to Enable Two Factor Authentication

How to Enable Two Factor Authentication

48014
Created On 09/25/18 18:07 PM - Last Modified 07/02/21 15:26 PM


Symptom
Two Factor Authentication (2FA)  is provided as an option for Customer Support Portal.

Environment
Customer Support Portal

Resolution

Super Users can enable 2FA for all users in an account by enabling Two-Factor Authentication (2FA) in account details (menu Account Management > Account Details). 

If 2FA is not enabled at the account level, a user may enable or disable 2FA by navigating to My Profile > Security Settings in the bottom of the left navigation menu.  Enable Two-Factor Authentication as shown below. 

By default, a user is assigned Email as a default 2FA method.  If a user would like to use a mobile phone app called Google Authenticator, the user downloads the app from Apple App Store (iPhone) or Google Play Store (Android).  Then, enable 2FA in the page below, select Google Authenticator, and click Save button.  Follow Customer Support Portal directions to pair Google Authenticator to your account.



Listed below are some frequently asked questions.

How to enable Two-Factor Authentication (2FA) at the account level in the Customer Support Portal

Two-Factor Authentication can only be enabled at the account level by someone with Super User permission. To enable Two-Factor Authentication at the account level, follow the steps outlined below:

  1. Login to the Palo Alto Networks Customer Support Portal and navigate to Account Management > Account Details.
  2. Enable and disable Two-Factor Authentication for all users in your account under Security Settings 

NOTE: Once a user is enrolled in Two-Factor Authentication, they will be notified via email.  Once 2FA is enabled by a Super User, all members of the account are automatically enrolled.  

To be able to enable/disable Two-Factor Authentication, you will need to enable/disable 2FA on the Account level first before you are able to proceed on an individual level. 

Also See: How to Enable Google Authenticator 

If I am member of multiple CSP accounts, what will my 2FA experience be?
If a user is a member of multiple accounts, one of which has 2FA enabled, then the user will be prompted for 2FA every time they log in to the Customer Support Portal. 


What happens when 2FA is turned off and who can turn off 2FA at the account level?
Only Super Users can disable 2FA by unchecking Enable 2 Factor Authentication under Security Settings.




Am I automatically unenrolled in 2FA if the Super User of my account disabled 2FA?
No. If a Super User disables 2FA at the account level, users will not be automatically unenrolled. Users are given the option to continue using 2FA or disable it themselves in My Profile > Security Settings.


How can a user who is not a Super User disable 2FA login?
2FA can be disabled by an individual account member only if the Super User has disabled 2FA at the account level. Once disabled at the account level, individual members may disable 2FA via the My Profile > Security Settings (see User Settings at the bottom of the left navigation menus).



Additional Information

See Also
HOW TO ENABLE GOOGLE AUTHENTICATOR

For a full list of other Support Portal User Documents, review Customer Support Portal User Documents.


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN9CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language