Palo Alto Netowkrs supported features and factors
The Citrix Gateway supports the following versions, clients, features and factors.
Supported features
The following Okta features are supported:
| Feature | Supported |
Notes |
|---|---|---|
| Authentication with Okta Credentials via RADIUS | Yes |
|
|
Authentication with Okta Credentials via SAML. |
No |
The RADIUS Integration for Palo Alto VPN does not support SAML. |
| Multi-factor authentication via RADIUS | Yes |
|
| Multi-factor authentication via SAML | Yes |
The RADIUS Integration for Palo Alto VPN does not support MFA using SAML. |
Supported factors
The following MFA Factors are supported:
| MFA Factor | Password Authentication Protocol PAP |
Extensible Authentication Protocol - Generic Token Card EAP-GTC |
Extensible Authentication Protocol - Tunneled Transport Layer Security EAP-TTLS |
|---|---|---|---|
| Okta Verify (TOTP and PUSH) | Supported | Supported | Supported - as long as challenge is avoided. For example: MFA-only or password, MFA for TOTP. Push can work with primary auth + MFA as the push challenge is sent out-of-band. |
| Voice Call | Supported | Supported | Not supported |
| SMS Authentication | Supported | Supported | Not supported |
| Google Authenticator | Supported | Supported | Supported - as long as challenge is avoided. For example MFA only or password, MFA. |
| Symantec VIP | Supported | Supported | Supported |
| Security Question | Supported | Supported | Not supported |
| Custom TOTP Authentication | Supported | Supported | Not supported |
| Duo(Push, SMS and Passcode only) | Supported | Supported | Supported (passcode, Push) |
| YubiKey | Supported | Supported | Supported |
|
Supported |
Supported |
Supported |
|
|
Supported |
Supported |
Not supported |
Note
The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.