You can set up a local database on the firewall to store authentication information for firewall administrators , Captive Portal end users , and end users who authenticate to a GlobalProtect portal and GlobalProtect gateway . Local database authentication requires no external authentication service; you perform all account management on the firewall. After creating the local database and (optionally) assigning the users to groups (see Device > Local User Database > User Groups), you can Device > Authentication Profile based on the local database.
You cannot Device > Password Profiles for administrative accounts that use local database authentication.
To Add a local user to the database, complete the following fields.
Local User Setting Description
Name Enter a name to identify the user (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Location Select the scope in which the user account is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location ; its value is predefined as Shared (for firewalls) or as Panorama. After you save the user account, you can’t change its Location.
Mode Use this field to specify the authentication option: Password —Enter and confirm a password for the user. Password Hash —Enter a hashed password string. This can be useful if, for example, you want to reuse the credentials for an existing Unix account but don’t know the plaintext password, only the hashed password. The firewall accepts any string of up to 63 characters regardless of the algorithm used to generate the hash value. The operational CLI command request password-hash password uses the MD5 algorithm when the firewall is in normal mode and the SHA256 algorithm when the firewall is in CC/FIPS mode. Any Minimum Password Complexity parameters you set for the firewall ( Device > Setup > Management) do not apply to accounts that use a Password Hash.
Enable Select this option to activate the user account.

Related Documentation