We currently use RSA for MFA authentication to services that include GlobalProtect. However, we are slowly moving everything to Microsoft Authenticator. Can we use Microsoft Authenticator to authenticate to GlobalProtect? If so, does anyone have any instructions?
Yes, use SAML.
https://learn.microsoft.com/en-us/entra/identity/saas-apps/palo-alto-networks-globalprotect-tutorial
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE
https://learn.microsoft.com/de-de/entra/identity/saas-apps/palo-alto-networks-globalprotect-tutorial
or just google : globalprotect azure saml
Indeed. Works like a charm. Setup using Azure SAML.
Yes, been on it for over 6 years
Yep, works a treat. Been using it for about 2 years
I tried SAML as folks have suggested here, but I found it to be pretty unreliable. It would often not actually pop an MFA prompt because it saw that the user was signed in to Azure AD on their machine. I couldn’t get it to pop MFA consistently. I ended up switching to using RADIUS to an on-prem NPS server with the Azure MFA extension installed. That does have some other issues, but it does reliably pop MFA every time.