Palo Alto Netowkrs supported features and factors

The Citrix Gateway supports the following versions, clients, features and factors.

Supported features

The following Okta features are supported:

Feature Supported

Notes

Authentication with Okta Credentials via RADIUS Yes

 

Authentication with Okta Credentials via SAML.

No

The RADIUS Integration for Palo Alto VPN does not support SAML.

Multi-factor authentication via RADIUS Yes

 

Multi-factor authentication via SAML Yes

The RADIUS Integration for Palo Alto VPN does not support MFA using SAML.

Supported factors

The following MFA Factors are supported:

 

MFA Factor Password Authentication Protocol
PAP
Extensible Authentication Protocol - Generic Token Card
EAP-GTC
Extensible Authentication Protocol - Tunneled Transport Layer Security
EAP-TTLS
Okta Verify (TOTP and PUSH) Supported Supported Supported - as long as challenge is avoided.
For example:
MFA-only or password, MFA for TOTP.
Push can work with primary auth + MFA as the push challenge is sent out-of-band.
Voice Call Supported Supported Not supported
SMS Authentication Supported Supported Not supported
Google Authenticator Supported Supported Supported - as long as challenge is avoided.
For example MFA only or password, MFA.
Symantec VIP Supported Supported Supported
Security Question Supported Supported Not supported
Custom TOTP Authentication Supported Supported Not supported
Duo(Push, SMS and Passcode only) Supported Supported Supported (passcode, Push)
YubiKey Supported Supported Supported

RSA Token

Supported

Supported

Supported

Email

Supported

Supported

Not supported

Info

Note

The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.