Set up Nexus OTP as 2FA for Palo Alto
This article describes how to enable Nexus OTP in Smart ID Digital Access component as two-factor authentication method for Palo Alto Firewall, to replace static passwords.
Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator.
With the setup described in this article, Digital Access functions as a RADIUS server and Palo Alto Firewall as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.