i have installed Palo Alto Globalprotect and use duo push for my users, this works great - user authenticate trough windows (username/pass) and verify w/duo push on smartphones.
But now there are some users that dont have smartphones and maybe dont have phones. I tried to add yubikey hardware tokens and U2F but i dont seem to get how this should/could co-exist with the current configuration. That is working.
Is there a easier way to do this, with users that dont have the possiblity to use phones - just authenticate w/yubikey hw token/u2f device.
Yes, the Authentication Proxy service must be restarted after a change to authproxy.cfg. The down time should be less than five minutes (more like 2-3) while the service cycles. That does impact authentications as it can’t respond to incoming requests while the service restarts.