Prisma Access Agent
Set Up Prisma Access Agent User Authentication (NGFW Deployment)
Learn how to set up user authentication for Prisma Access Agent users in NGFW deployments.
For Panorama managed NGFW deployments, you can set up user authentication so that only legitimate Prisma Access Agent users have access to your services and applications.
Before you begin:
On Prisma Access Agent and GlobalProtect™ coexistence tenants, the Prisma Access Agent supports only SAML authentication with Cloud Identity Engine, while GlobalProtect supports authentication types such as SAML, RADIUS, LDAP, TACACS+, and Kerberos.
- Log in to Strata Cloud Manager as the administrator.
- Select Workflows > Prisma Access Agent > Setup.
- Select Prisma Access Agent.
- Click Add User Authentication.
- Select an Authentication Profile. The authentication profile is the same one that you set up in Cloud Identity Engine.
  - To select an existing profile, select an Authentication Profile from the list.
  - If no authentication profile exists or you want to add a new one, click Create New.
    - Enter the Profile Name.
    - Select a CIE profile from the drop-down.
    - Enter the Maximum Clock Skew (seconds), which is the allowed system time difference (in seconds) between the IdP and gateway when the gateway validates IdP messages. If the difference exceeds this value, authentication fails. The range is 1-900 seconds. There is no default value.
    - Save the authentication profile settings.
    - Select the authentication profile that you just added.
- Save your user authentication settings.
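
The effect of the Maximum Clock Skew value on SAML validation, shown as an added example that is not Palo Alto Networks code. It assumes the skew is applied as a tolerance on the assertion's NotBefore/NotOnOrAfter window; the function name `check_validity_window` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW_MIN, SKEW_MAX = 1, 900  # range stated on this page; there is no default

# Constructed sample: an assertion reduced to its Conditions element.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z"/>
</saml:Assertion>"""


def _parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values, optionally with fractions.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_validity_window(assertion_xml, gateway_now, max_skew_seconds):
    """Return (accepted, reason) for the assertion's time window.

    Covers the time check only. A real validator verifies the signature
    first and parses untrusted XML with a hardened parser.
    """
    if not isinstance(max_skew_seconds, int) or not SKEW_MIN <= max_skew_seconds <= SKEW_MAX:
        raise ValueError("Maximum Clock Skew must be 1-900 seconds")
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None:
        return False, "no Conditions element"
    skew = timedelta(seconds=max_skew_seconds)
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # IdP clock ahead of the gateway: the assertion looks not yet valid.
    if not_before and gateway_now + skew < _parse_ts(not_before):
        return False, "not yet valid"
    # IdP clock behind the gateway: the assertion looks expired.
    if not_on_or_after and gateway_now - skew >= _parse_ts(not_on_or_after):
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    # Gateway clock 60 seconds behind the IdP that issued the sample.
    now = datetime(2024, 5, 1, 11, 59, 0, tzinfo=timezone.utc)
    for skew in (30, 60):
        print(skew, check_validity_window(SAMPLE_ASSERTION, now, skew))
```

A small skew rejects logins when the IdP and gateway clocks drift apart, while a large one lengthens the time during which an expired assertion is still accepted, so keep both sides on NTP and set the value no higher than the drift you actually observe.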