GlobalProtect Mobile with DUO MFA

CK3510 · ‎04-28-2022

I am trying to set up DUO for GlobalProtect Mobile client. I can not get the push option to work. When I try to log in I do receive the Push notification but I believe the Internet connection is in a temporary limbo state while connecting that the authentication approval never gets sent back. I have tried adding a second device to my user thinking it would send the request there, but it never does. It does work if I use the password,code, but I would like to see if it could be done with push.
Thanks for any responses.

DuoKristina · ‎04-29-2022

You should contact Palo Alto support to determine whether the Global Protect mobile client disrupts the internet connectivity on your phone such that it cannot respond to the Duo Push request. There is nothing you could do in Duo to make your phone send back the response if the GP client prevents it.

You mentioned you tried adding a second device. That would work if that second device is activated for Duo Push and one of the following is true:

the second device is first in the list of phones when you view the user in the Duo Admin Panel (as Duo’s automatic push defaults to the first activated device in the list)
the second device is not the first in the list but you specify use of it by appending it to your password like password,push2 to send the push to the second phone in the list.

Duo’s service won’t try a push to the second device in the list in a single authentication attempt if a push to the first one fails - they are alternate auth devices, not failover auth devices.

Duo, not DUO.