Palo Alto Networks Knowledgebase: How to Enable Google Authenticator

How to Enable Google Authenticator

Created On 12/17/18 21:39 PM - Last Updated 05/30/19 02:01 AM
MFA CSR Customer Support Portal Authentication
Palo Alto Networks Customer Support Portal now offers two methods for Multi-Factor Authentication (MFA) to login to the Customer Support Portal (CSP).

The two Types of MFA are:
  1. Email (default)
  2. Google Authenticator (requires the Google Authenticator App installed on your mobile device)

Note: Please download Google Authenticator from Google Play or the Apple App Store before moving forward.  

To use Google Authenticator to log in to the CSP, you will have to enable it first by following the steps outlined below:

  1.  Login to CSP, click the dropdown next to your name, navigate to the My Profile page on the top right section.

User-added image

  1. Inside My Profile, scroll down to the Security Settings. Choose the radio button for Google Authenticator and click Save to save your changes.

User-added image

You will be re-directed to a page to Enable Google Authenticator (shown below). This is a one-time activity to enable Google Authenticator on CSP. 

  1.  Follow the instruction on the page to scan the QR code, enter the 6-digit code from the Google Authenticator App, and click Enable to complete enrollment.


User-added image

Once enrollment is complete, you will receive a confirmation, stating “User has been successfully enrolled in Google Authenticator,” and you will then be ready to start using Google Authenticator to log in to CSP.

  1.  The next time you log in to CSP, Sign in with a Google Authenticator Code. Enter the one-time passcode (OTP) from your Google Authenticator App in the box marked Google Authenticator Code, and click Sign On.


User-added image

What will happen if I lost my device with Google Authenticator?
If you lost your device with Google Authenticator, you will not be able to login to your support account. Contact your account superuser to change your MFA enrollment back to the default (email).
A super user can change a user’s MFA enrollment back to the default email authentication by checking the “Default 2F(Email)” in the Members Page as shown below:

User-added image

Additional Information
See Also: 


  • Print
  • Copy Link