Forum Discussion
PeterJoInobits
Mar 18, 2022 Brass Contributor
NPS extension for Azure MFA and MFA prompts
Hi team, my situation is as follows: I'm setting up MFA on a Palo Alto Global Protect VPN device and I'm attempting to use RADIUS and the NPS extension for Azure MFA. I appear to have got...
BilalelHadd
Mar 28, 2022 Iron Contributor
Hi Peter,
As you already stated and as far as I am aware, since Palo Alto isn't federating against Azure AD but against the RADIUS server, you shouldn't be able to configure conditions on sessions with, e.g., Conditional Access. Furthermore, we don't control the displayed UX with RADIUS, other than returning a RADIUS challenge-response. So I would prefer SAML and check if you can start a pilot with a subset of users.
joeyvldn
Mar 29, 2022 Brass Contributor
Agree. Try to convince the customer to switch to SAML unless of the design.
We implemented Palo Alto VPN into Azure AD as an Enterprise App many times. This is the preferred method in my opinion.
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial
PeterJ_Inobits
Mar 30, 2022 Iron Contributor
Fully agree with everyone in the thread. However, the RADIUS solution is in the design and I’m not in a position to fight that one at the moment…