The following workflows describe how to set up the GlobalProtect
portal and gateways to use an external authentication service. The
supported authentication services are LDAP, Kerberos, RADIUS, SAML,
or TACACS+.
These workflows also describe how to create an optional authentication
profile that a portal or gateway can use to identify the external
authentication service. This step is optional for external authentication
because the authentication profile also can specify the local authentication
database or None.
GlobalProtect also supports local authentication. To use
local authentication, create a local user database (
Device
Local User Database
)
that contains the users and groups to which you want to allow VPN
access and then refer to that database in the authentication profile.