Prerequisite: Installing LastPass Universal Proxy
Universal Proxy Installation
Universal Proxy Installation for Windows

  • In the Palo Alto Network administrative portal, go to Device > Server Profiles > LDAP and add a new profile. Set a profile name. On the Server List panel, click the “Add” button and set the server name, the Universal Proxy IP address or hostname and the listening port. 
  • On the right side, select your LDAP server type. Set the Base DN and the Bind DN including the Password. Finally, set the Bind Timeout to 60 seconds and clickon the “Ok” button. 

Palo Alto VPN 1

 

  • Next go to Device > Authentication Profile and add a new profile. Set a profile name, then select the Type of authentication profile as LDAP. On the server profile select the LDAP authentication profile that you created on the previous step. Set the login attribute to samAccountName.

Palo Alto Network 2

 

  • Click on the Advanced tab in the Authentication Profile panel. Click the “+Add” button and select the users that will be authorized by this authentication profile. 

Palo Alto Netwrok 3

 

  • Now switch to the new authentication profile on your GlobalProtect Portals and Gateways. Go to NetworkGlobalProtect > Portals, select the portal you’d like to update, click on the Authentication tab, and select the authentication profile recently created. 

Palo Alto Network 4

 

  • Open NetworkGlobalProtect > Gateways, select the portal you’d like to update, click on the Authentication tab, and select the authentication profile recently created. 

Palo Alto Netwrok 5

 

Congratulations! MFA login to Palo Alto Network VPN is ready to use.