Configure Local Database Authentication
Focus
Focus

Configure Local Database Authentication

Table of Contents

Configure Local Database Authentication

You can configure a user database that is local to the firewall to authenticate administrators who access the firewall web interface and to authenticate end users who access applications through Authentication Portal or GlobalProtect. Perform the following steps to configure Local Authentication with a local database.
Configuring new minimum password complexity settings (
Device
Setup
) or modifying an existing minimum password complexity settings does not apply retroactively to existing local data base user accounts.
If you create or modify the minimum password complexity settings, you must re-add the existing local database administrator accounts so the passwords comply with the minimum password complexity settings.
External Authentication Services are usually preferable to local authentication because they provide the benefit of central account management.
You can also configure local authentication without a database, but only for firewall or Panorama administrators.
  1. Add the user account to the local database.
    1. Select
      Device
      Local User Database
      Users
      and click
      Add
      .
    2. Enter a user
      Name
      for the administrator.
    3. Enter a
      Password
      and
      Confirm Password
      or enter a
      Password Hash
      .
    4. Enable
      the account (enabled by default) and click
      OK
      .
  2. Add the user group to the local database.
    Required if your users require group membership.
    1. Select
      Device
      Local User Database
      User Groups
      and click
      Add
      .
    2. Enter a
      Name
      to identify the group.
    3. Add
      each user who is a member of the group and click
      OK
      .
  3. The authentication profile defines authentication settings that are common to a set of users. Set the authentication
    Type
    to
    Local Database
    .
  4. Assign the authentication profile to an administrator account or to an Authentication policy rule for end users.
  5. Verify that the firewall can Test Authentication Server Connectivity to authenticate users.

Recommended For You