Device > Delegation Profile
Focus
Focus
Next-Generation Firewall

Device > Delegation Profile

Table of Contents

Device > Delegation Profile

Select DeviceDelegation Profile to manage delegation profiles for passwordless authentication. To create a new delegation profile, Add one and complete the following fields.
You can also Delete a profile that's no longer needed or Clone an existing profile. You can also optionally export the profile as a PDF/CSV.
Delegation Profile Settings
Description
Name
Enter a descriptive name (up to 31 characters) to help you identify the delegation profile when defining Authentication rules. The name is case-sensitive and must be unique. Use only the following character types:
  • letters
  • numbers
  • spaces
  • hyphens
  • underscores
Shared (Panorama only)
Select this option if you want the delegation profile to be available to:
  • Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the object will be available only to the Virtual System selected in the Objects tab.
  • Every device group on Panorama. If you clear this selection, the object will be available only to the Device Group selected in the Objects tab.
Realm
If your network supports Kerberos single sign-on (SSO), enter the Kerberos Realm (up to 127 characters). This is the hostname portion of the user login name. For example, the user account name user@EXAMPLE.LOCAL has realm EXAMPLE.LOCAL.
Kerberos Server ProfileSelect the Kerberos Server Profile for the Kerberos server that controls access to the Realm to authenticate users without re-entering a password.
Kerberos KeytabTo import your Kerberos keytab, click Import, click Browse to locate the keytab file, and then click OK. A keytab contains Kerberos account information (principal name and hashed password) for the firewall, which is required for passwordless authentication. Each delegation profile can have one keytab.