Skip to content
← General

How can we improve our products? (please focus on ideas which are not within the other categories)

General

Categories

PRTG: Native MFA for Local PRTG Accounts

Priority: High (KRITIS-relevant, multiple customer requests)

Description:
Customers require native Multi-Factor Authentication (MFA) for local PRTG accounts without dependency on external Identity Providers (Azure AD, Okta).

Current State:

MFA only available via SSO/SAML with external IdP
No native MFA for local user accounts in PRTG Network Monitor/Enterprise Monitor

Customer Requirements:

Security-by-design instead of reactive implementation via third-party providers
Digital sovereignty – avoid dependency on US hyperscalers (Azure AD)
KRITIS compliance without additional infrastructure (IdP)

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Franz Obermayer shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminIsidora Jeremic (Admin, Paessler) commented  ·   ·  Report

    Hello,

    Please note that MFA is already available through SSO (Okta and Microsoft Entra ID) options:

    https://helpdesk.paessler.com/en/support/solutions/articles/76000063381-how-can-i-enable-microsoft-entra-id-multifactor-authentication-

    https://helpdesk.paessler.com/en/support/solutions/articles/76000063571-how-can-i-enable-okta-multifactor-authentication-

    You might want to try some workarounds:

    - AD FS (Active Directory Federation Services): Use your existing Windows Server infrastructure to act as the SAML provider. You can configure AD FS to require certificates or smart cards.

    - Reverse Proxy (Authelia/Authentik): Place PRTG behind a proxy (like Nginx) paired with a tool like Authelia. The proxy intercepts traffic and forces an MFA check before the user can even see the PRTG login screen.

    However, please note that these suggestions have not been tested by Paessler. They are not natively supported, and our team is unable to assist with setup or troubleshooting.

    Best regards,

    The Paessler Product Team

    (Edited by admin)
  • Yannik commented  ·   ·  Report

    As an IT Infrastructure Manager responsible for security and compliance, I want to enforce Two-Factor Authentication (2FA) for all users accessing the PRTG On-Premise web interface,

    At the moment, PRTG On-Premise only supports password-based authentication. Given today’s security requirements and compliance standards, 2FA has become essential for protecting administrative interfaces and monitoring systems. Since PRTG contains critical infrastructure information, enhanced login security is necessary in many environments.

    Requested Feature:
    Please add support for Two-Factor Authentication (2FA) for PRTG On-Premise, ideally with multiple methods such as:
    - TOTP apps (Google Authenticator, Microsoft Authenticator, etc.)
    - Hardware tokens (FIDO2, YubiKey)
    - SMS or email codes (optional)

    Use Case / Reasoning:
    - Strengthens the overall security of the monitoring environment
    - Helps meet modern cybersecurity and compliance requirements
    - Prevents unauthorized access even if passwords are compromised
    - Aligns PRTG On-Premise with current industry standards for authentication

    Support for 2FA would significantly enhance the security posture of PRTG installations, especially in larger or regulated environments.

  • VALTER VEIGA commented  ·   ·  Report

    2FA for the Enterprise monitor gui logins.

  • VALTER VEIGA commented  ·   ·  Report

    Add 2FA functionality to the Paessler PRTG Host and Enterprise network Monitor.
    Local AP