For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing Palo Alto GlobalProtect. Duo Single Sign-On acts as an identity provider (IdP), authenticating your users using existing on-premises Active Directory (AD) or any SAML 2.0 IdP and prompting for two-factor authentication before permitting access to Palo Alto GlobalProtect.ĭuo Single Sign-On is available in Duo Beyond, Duo Access, and Duo MFA plans, which also include the ability to define policies that enforce unique controls for each individual SSO application. In addition, as sensitive information makes its way to cloud-hosted services it is even more important to secure access by implementing two-factor authentication.ĭuo Single Sign-On is our cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of Palo Alto GlobalProtect logins using the Security Assertion Markup Language (SAML) 2.0 authentication standard. If a user's primary password is compromised, attackers may be able to gain access to multiple resources.
While SSO is convenient for users, it presents new security challenges.
Single sign-on (SSO) technologies seek to unify identities across systems and reduce the number of different credentials a user has to remember or input to gain access to resources. If you are looking to protect Palo Alto Networks Aperture please visit Duo Protection for Palo Alto Networks Aperture.Īs business applications move from on-premises to cloud hosted solutions, users experience password fatigue due to disparate logons for different applications. Learn more about the differences between the Palo Alto GlobalProtect deployment configurations. This configuration does not feature the inline Duo Prompt, but also does not require a SAML identity provider.
To deploy push, phone call, or passcode authentication for GlobalProtect desktop and mobile client connections using RADIUS, refer to the Palo Alto GlobalProtect instructions. Duo Federal customers or those looking for an on-premises SSO solution: try Duo Protection for Palo Alto Networks SSO with Duo Access Gateway.ĭuo Single Sign-On for Palo Alto SSO supports GlobalProtect clients via SAML 2.0 authentication only.
0 kommentar(er)
