Select Device > Delegation Profile to manage delegation profiles for passwordless authentication. To create a new delegation profile, Add one and complete the following fields.
You can also Delete a profile that's no longer needed or Clone an existing profile. Optionally, you can export the profile as a PDF/CSV.
Delegation Profile Settings
Description
Name
Enter a descriptive name (up to 31 characters) to help you identify the delegation profile when defining Authentication rules. The name is case-sensitive and must be unique. Use only the following character types:
- letters
- numbers
- spaces
- hyphens
- underscores
Shared (Panorama only)
Select this option if you want the delegation profile to be available to:
- Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the object will be available only to the Virtual System selected in the Objects tab.
- Every device group on Panorama. If you clear this selection, the object will be available only to the Device Group selected in the Objects tab.
Realm
If your network supports Kerberos single sign-on (SSO), enter the Kerberos Realm (up to 127 characters). This is the hostname portion of the user login name. For example, the user account name user@EXAMPLE.LOCAL has realm EXAMPLE.LOCAL.
Kerberos Server Profile
Select the Kerberos Server Profile for the Kerberos server that controls access to the Realm to authenticate users without re-entering a password.
Kerberos Keytab
To import your Kerberos keytab, click Import, click Browse to locate the keytab file, and then click OK. A keytab contains Kerberos account information (principal name and hashed password) for the firewall, which is required for passwordless authentication. Each delegation profile can have one keytab.
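
Because the keytab carries the principal name and key for the firewall's account, it can be inspected before import. The following is an added example, not part of this documentation or the product: it parses the MIT keytab file format (0x0502), lists each principal without exposing key bytes, and reports entries whose realm differs from the profile Realm or whose key uses a deprecated DES or RC4 encryption type. The realm-match and encryption-type checks are assumptions about good practice rather than requirements stated on this page, and the principal HTTP/fw.example.local, the realm OTHER.LOCAL and all function names are constructed for illustration.

```python
import struct

WEAK_ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}  # RFC 6649, RFC 8429

def parse_keytab(data):
    """Parse an MIT keytab (format 0x0502); key bytes are skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 2 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size > 0:
            entries.append(_entry(data[pos + 4:pos + 4 + size]))
        pos += 4 + abs(size)          # a negative size marks a deleted slot
    return entries

def _entry(buf):
    off = 0
    def take(fmt):                    # read one big-endian field and advance
        nonlocal off
        (val,) = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return val
    def blob():                       # 16-bit length, then that many bytes
        return take(f">{take('>H')}s")
    ncomp, realm = take(">H"), blob().decode()
    name = "/".join(blob().decode() for _ in range(ncomp))
    _, _, kvno, enctype = take(">I"), take(">I"), take(">B"), take(">H")
    blob()                            # the key itself: read past it and discard
    if len(buf) - off >= 4:           # optional 32-bit kvno extension
        kvno = take(">I") or kvno
    return dict(principal=f"{name}@{realm}", realm=realm, kvno=kvno, enctype=enctype)

def check_for_profile(data, profile_realm):
    """Assumed checks (not from the page): realm equals the profile Realm, no weak keys."""
    problems = []
    for e in parse_keytab(data):
        if e["realm"] != profile_realm:
            problems.append(f"{e['principal']}: realm is not {profile_realm}")
        if e["enctype"] in WEAK_ENCTYPES:
            problems.append(f"{e['principal']}: {WEAK_ENCTYPES[e['enctype']]} key")
    return problems

def _sample_entry(realm, comps, enctype, keylen):   # builds constructed sample data
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(comps)) + b"".join(s(x.encode()) for x in [realm, *comps])
            + struct.pack(">IIBH", 1, 0, 2, enctype) + s(bytes(keylen)))
    return struct.pack(">i", len(body)) + body
SAMPLE = (b"\x05\x02" + _sample_entry("EXAMPLE.LOCAL", ["HTTP", "fw.example.local"], 18, 32)
          + _sample_entry("OTHER.LOCAL", ["HTTP", "fw.example.local"], 23, 16))
```

To check a real file, pass its bytes (read with `open(path, "rb").read()`) and the Realm value entered in the profile to `check_for_profile`; an empty list means neither check fired.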