Palo Alto Netowkrs supported features and factors
The Citrix Gateway supports the following versions, clients, features and factors.
Supported features
The following Okta features are supported:
Feature | Supported |
Notes |
---|---|---|
Authentication with Okta Credentials via RADIUS | Yes |
|
Authentication with Okta Credentials via SAML. |
No |
The RADIUS Integration for Palo Alto VPN does not support SAML. |
Multi-factor authentication via RADIUS | Yes |
|
Multi-factor authentication via SAML | Yes |
The RADIUS Integration for Palo Alto VPN does not support MFA using SAML. |
Supported factors
The following MFA Factors are supported:
MFA Factor | Password Authentication Protocol PAP |
Extensible Authentication Protocol - Generic Token Card EAP-GTC |
Extensible Authentication Protocol - Tunneled Transport Layer Security EAP-TTLS |
---|---|---|---|
Okta Verify (TOTP and PUSH) | Supported | Supported | Supported - as long as challenge is avoided. For example: MFA-only or password, MFA for TOTP. Push can work with primary auth + MFA as the push challenge is sent out-of-band. |
Voice Call | Supported | Supported | Not supported |
SMS Authentication | Supported | Supported | Not supported |
Google Authenticator | Supported | Supported | Supported - as long as challenge is avoided. For example MFA only or password, MFA. |
Symantec VIP | Supported | Supported | Supported |
Security Question | Supported | Supported | Not supported |
Custom TOTP Authentication | Supported | Supported | Not supported |
Duo(Push, SMS and Passcode only) | Supported | Supported | Supported (passcode, Push) |
YubiKey | Supported | Supported | Supported |
Supported |
Supported |
Supported |
|
Supported |
Supported |
Not supported |

Note
The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.