Configure LDAP Authentication

You can use LDAP to authenticate end users who access applications or services through Captive Portal and authenticate firewall or Panorama administrators who access the web interface.

You can also connect to an LDAP server to define policy rules based on user groups. For details, see Map Users to Groups.

Add an LDAP server profile.

The profile defines how the firewall connects to the LDAP server.

Select

Device

Server Profiles

LDAP

and

Add

a server profile.

Enter a

Profile Name

to identify the server profile.

Add

the LDAP servers (up to four). For each server, enter a

Name

(to identify the server),

LDAP Server

IP address or FQDN, and server

Port

(default 389).

If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.

Select the server

Type

Enter the

Bind Timeout

and

Search Timeout

in seconds (default is 30 for both).

Click

to save the server profile.

Assign the server profile to an Configure an Authentication Profile and Sequence to define various authentication settings.

Assign the authentication profile to the firewall application that requires authentication.

Administrative access to the web interface
—Configure a Firewall Administrator Account and assign the authentication profile you configured.

End user access to services and applications
—For the full procedure to configure authentication for end users, see Configure Authentication Policy.

Verify that the firewall can Test Authentication Server Connectivity to authenticate users.

Document:PAN-OS® Administrator’s Guide

Configure LDAP Authentication

Configure LDAP Authentication

Recommended For You

Document:PAN-OS® Administrator’s Guide

Configure LDAP Authentication

Configure LDAP Authentication

Recommended For You

Recommended Videos