Okta + Palo Alto Networks

Layer strong authentication everywhere and deliver seamless remote access to the internal network

The Challenge

  • Today’s workforce demands anytime access to enterprise resources from any location
  • The enterprise must balance accessibility with security to protect all users and all assets
  • Malicious actors often leverage weak or stolen credentials to gain improper access into the network

The Solution

  • Deep integration between Okta + Palo Alto Networks for robust, user-centric security across your hybrid IT environment for all users, including partners and contractors
  • Strong authentication for additional access security across hybrid IT environments through Okta Adaptive Multi-Factor Authentication (MFA)
  • Seamless authorised access to cloud assets through Okta Identity Cloud and on-prem assets through Palo Alto Networks GlobalProtect VPN
  • Simple and intuitive authentication for all users everywhere with Okta Single Sign-On (SSO)

Integration Value


reduction in time and costs administering users, groups, policies, apps, and devices2


reduction in compliance costs to document user access with Okta2

1 hour

on average, to connect Okta MFA to Palo Alto Networks VPN3

Strengthen security across a hybrid network with Adaptive MFA everywhere

Okta’s Adaptive MFA integrates deeply with Palo Alto Networks to strengthen the network perimeter—making it harder for threat actors to gain access with stolen credentials—as well as the assets inside, through policy-driven step-up authentication when users try accessing sensitive data.


Simplify and secure remote access to enterprise resources

Keep end users productive with easy, reliable, remote access to your internal network. Layer Okta’s SSO in front of Palo Alto Networks Global Protect VPN to streamline authentication and access to apps and other resources, whether in the cloud or on-prem.


PANW diagram logo2


Ensure comprehensive regulatory compliance 

Industry compliance standards like HIPAA and PCI DSS demand a robust MFA solution that may be incompatible with older or homegrown or legacy apps and resources in your environment. Okta + Palo Alto Networks lets you deploy strong Adaptive MFA across the network, keeping the enterprise in compliance by protecting apps that need it but don’t natively support it.


Keep management tools and processes safe

SysAdmins typically need to access and control a variety of firewalls, servers, databases, and other critical infrastructure. These administrative accounts must remain secure at all times, but authenticating separately for them impedes workflow efficiency. Okta + Palo Alto Networks enables your security team to safely authenticate once and manage globally, giving you peace of mind.

Okta + Palo Alto Networks: Securing the Network for Safe Remote Access

  • Okta + Palo Alto Networks provides a complex, multi-layered defence against credential-based attacks
  • Remote users enjoy seamless Okta SSO for cloud apps as well as on prem resources thanks to Palo Alto Networks GlobalProtect VPN
  • IT can further secure access through Okta Adaptive MFA, easily meeting compliance requirements and security best practices
  • Administrators can easily and securely access the Palo Alto Networks admin console
  • Integration is easily deployed, using SAML, RADIUS or APIs, for Palo Alto Networks GlobalProtect VPN, Captive Portal, and admin UI


  1. Ponemon Institute; 2017 Cost of Data Breach Study (Global)
  2. Forrester Research; Making the Business Case for Identity and Access Management 
  3. Customer analysis of IT Savings and Productivity benefits