* [Blog](https://www.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/) * [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/) * Stamp out Credential Abus... # Stamp out Credential Abuse with Okta and Palo Alto Networks [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F06%2Fstamp-credential-abuse-okta-palo-alto-networks%2F) [](https://twitter.com/share?text=Stamp+out+Credential+Abuse+with+Okta+and+Palo+Alto+Networks&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F06%2Fstamp-credential-abuse-okta-palo-alto-networks%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F06%2Fstamp-credential-abuse-okta-palo-alto-networks%2F&title=Stamp+out+Credential+Abuse+with+Okta+and+Palo+Alto+Networks&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2017/06/stamp-credential-abuse-okta-palo-alto-networks/&ts=markdown) \[\](mailto:?subject=Stamp out Credential Abuse with Okta and Palo Alto Networks) Link copied By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross") Jun 22, 2017 3 minutes [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown) [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [credential-based attacks](https://www.paloaltonetworks.com/blog/tag/credential-based-attacks/?ts=markdown) [multi-factor authentication](https://www.paloaltonetworks.com/blog/tag/multi-factor-authentication/?ts=markdown) [Okta](https://www.paloaltonetworks.com/blog/tag/okta/?ts=markdown) [PAN-OS 8.0](https://www.paloaltonetworks.com/blog/tag/pan-os-8-0/?ts=markdown) What if you could instantly reduce the risk of a data breach by taking one simple step? Investigations into data breaches reveal that [63 percent of breaches involve stolen credentials](http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf), and that if we replaced single-factor passwords, [80 percent of hacking attack techniques would either "adapt or die."](http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf) Fortunately, there is an easy way to avoid breaches caused by credential-based attacks. By implementing multi-factor authentication, you can prevent credential abuse, such as an attacker using stolen credentials to access your sensitive applications. For example, if an external attacker manages to compromise one of your endpoints, deploying multi-factor authentication in your network can isolate the attacker to the compromised endpoint and prevent data theft from internal applications and servers. Multi-factor authentication is your ticket to preventing a wide range of credential abuse, including pass-the-hash attacks, weak passwords, credential stuffing and more. Your organization, along with every other organization, should use multi-factor authentication to protect all your applications and servers. It's a no brainer. So why, then, don't most organizations protect all their assets with multi-factor authentication? Because integrating it with every sensitive resource, including legacy applications and old servers that do not natively support strong authentication, can be an IT nightmare. We introduced multiple features in PAN-OS 8.0 to combat [credential-based](https://www.paloaltonetworks.com/products/innovations/credential-theft-prevention?ts=markdown) attacks. One of these features, our new multi-factor authentication enforcement capability, helps organizations like yours prevent credential abuse by enabling your next-generation firewall to act as a multi-factor authentication gateway in your network. When configured as an authentication gateway, Palo Alto Networks next-generation firewall integrates with Okta, as well as several other identity management vendors, to enforce multi-factor authentication at the network before granting access to specific applications or systems. Our next-generation firewall can serve as an authentication gateway for web applications, terminal-based access, thick-client applications or even network authentication. This capability helps organizations like yours prevent credential abuse without requiring you to spend time and resources integrating multi-factor authentication with individual applications. By collaborating with Okta, we've developed a set of integrated capabilities that work directly through the Okta API, as well as through the Okta RADIUS agent. Using this integration, you can protect applications that do not natively support multi-factor authentication, such as console-based applications or legacy applications, by configuring the next-generation firewall to enforce multi-factor authentication. If you have critical resources, take a look at our [new multi-factor authentication feature in PAN-OS 8.0](https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/multi-factor-authentication?ts=markdown) and our integration with Okta. This simple integration provides a fast path to deploying multi-factor authentication across your organization. For more details on how multi-factor authentication works in PAN-OS 8.0, check out authentication policy configuration in the [PAN-OS 8.0 Administrator's Guide](https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-multi-factor-authentication#_79409?ts=markdown). **[Learn more about how to prevent credential-based attacks with Palo Alto Networks and Okta.](https://www.okta.com/blog/2017/02/preventing-credential-based-attacks-with-okta-and-palo-alto-networks/)** *** ** * ** *** ## Related Blogs ### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown) [#### Welcoming the APAC WildFire Cloud](https://www.paloaltonetworks.com/blog/2017/09/welcoming-apac-wildfire-cloud/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Achieve More With Panorama 8.0](https://www.paloaltonetworks.com/blog/2017/08/achieve-panorama-8-0/) ### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### PAN-OS 8.0: Announcing New and Expanded Partner Integrations](https://www.paloaltonetworks.com/blog/2017/03/pan-os-8-0-announcing-new-expanded-partner-integrations/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### PAN-OS 8.0: New Hardware Enables Powerful Security Performance Without Compromise](https://www.paloaltonetworks.com/blog/2017/03/pan-os-8-0-new-hardware-enables-powerful-security-performance-without-compromise/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### PAN-OS 8.0: Three New Features in Panorama That Will Make Your Job Easier](https://www.paloaltonetworks.com/blog/2017/02/pan-os-8-0-three-new-features-panorama-will-make-job-easier/) ### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### PAN-OS 8.0: Thinking Beyond the Point Channel Strategy](https://www.paloaltonetworks.com/blog/2017/02/partner-pan-os-8-0-thinking-beyond-the-point-channel-strategy/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language