1. In the NGFW admin portal, click the Device tab, and then go to Server Profiles > Multi Factor Authentication.
  2. Click +Add.
    The Multi Factor Authentication Server Profile window appears.
    A screen capture of the Multi Factor Authentication Server Profile window. In this screen capture, the Profile Name field says, "PingID". The Certificate Profile drop-down list shows three options: PingID-cert-profile, vm-series-cert-profile, and New Certificate Profile. PingID-cert-profile is selected.
  3. In the Profile Name field, enter a name for the profile. We will use PingID.
  4. From the Certificate Profile list, select the certificate profile that you previously created.
    Note:

    If you have not yet created a certificate profile for PingID, see Configure a Certificate Profile in the Palo Alto documentation.

  5. From the MFA Vendor list, select PingID.
    Several fields populate automatically.
    A screen capture of the Multi Factor Authentication Server Profile window, showing populated fields in the Server Settings section with MFA Vendor PingID selected. The populated fields are Base URI, Host name, and Timeout (sec).
  6. From the PingID properties file, complete the three fields listed in the following table.

    The relationships between the PingID properties fields and the fields listed in the Multi Factor Authentication Server Profile window are described in the following table.

    Display Name Certificate Field Illustrative value
    Use Base64 Key use_base64_key

    APixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7ct4z7LOM=
    Token token

    c85cxxxxxxxxxxxxxxxxxxxxxxxxx4c1
    PingID Client Organization ID Org_alias

    faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx779
  7. Ensure that the Use Base64 Key, Token, and PingID Client Organization ID fields are populated, and then click OK.

    A screen capture of the Multi Factor Authentication Server Profile window with all fields populated.