Set Up External Authentication

The following workflows describe how to set up the GlobalProtect portal and gateways to use an external authentication service. The supported authentication services are LDAP, Kerberos, RADIUS, SAML, or TACACS+.
These workflows also describe how to create an optional
authentication profile
that a portal or gateway can use to identify the external authentication service. This step is optional for external authentication because the authentication profile also can specify the local authentication database or None.
GlobalProtect also supports local authentication. To use local authentication, create a local user database (
Device
Local User Database
) that contains the users and groups to which you want to allow VPN access and then refer to that database in the authentication profile.
The options for setting up external authentication include:

Related Documentation