How to Enable Two Factor Authentication
Two Factor Authentication (2FA) is provided as an option for Customer Support Portal.
Customer Support Portal
All account super users will have the ability to enable Two-Factor Authentication (2FA) at the account level. If 2FA is not enabled at the account level, you may set the option by navigating to: My Profile > Security Settings > Enable Two-Factor > select Enable as shown:
Listed below are some frequently asked questions on this new feature.
How to enable Two-Factor Authentication (2FA) at the account level in the Customer Support Portal
Two-Factor Authentication can only be enabled at the account level by someone with Super User permissions. To enable Two-Factor Authentication at the account level, follow the steps outlined below:
- Login to the Palo Alto Networks Customer Support Portal and navigate to the Company Account tab.
- You may enable and disable Two-Factor Authentication for your account under Security Settings
NOTE: Once you are enrolled, they will be notified via email that they are enrolled in Two-Factor Authentication to log into the Palo Alto Networks support site. Once 2FA is enabled by a Super User, all members of the account will be automatically enrolled.
To be able to enable/disable the Two-Factor Authentication, you will need to enable/disable on the Account level first before you are able to proceed on an individual level.
Also See: How to Enable Google Authenticator
If I am member of multiple CSP accounts, what will my 2FA experience be?
If a user is a member of multiple accounts, one of which has 2FA enabled , then the user will be prompted for 2FA every time they log in to the Customer Support Portal.
What happens when 2FA is turned off and who can turn off 2FA at the account level?
Only Super Users can disable 2FA by unchecking Enable 2 Factor Authentication under Security Settings.
Am I automatically unenrolled in 2FA if the Super User of my account disabled 2FA?
No. If a Super User disables 2FA at the account level, users will not be automatically unenrolled. Users are given the option to continue using 2FA or disable it themselves.
How can a user who is not a super user of an account disable 2FA login?
2FA can be disabled by an individual account member only if the Super User has disabled it at the account setting. Once disabled at the account level, individual members may disable 2FA via the Edit Profile page on the top right section of the CSP page.
HOW TO ENABLE GOOGLE AUTHENTICATOR
For a full list of other Support Portal User Documents, review Customer Support Portal User Documents.