Authentication is a method for protecting services and applications by verifying the identities of users so that only legitimate users have access. Several firewall and Panorama features require authentication. Administrators authenticate to access the web interface, CLI, or XML API of the firewall and Panorama. End users authenticate through Captive Portal or GlobalProtect to access various services and applications. You can choose from several authentication services to protect your network and to accommodate your existing security infrastructure while ensuring a smooth user experience.
If you have a public key infrastructure, you can deploy certificates to enable authentication without users having to manually respond to login challenges (see Certificate Management). Alternatively, or in addition to certificates, you can implement interactive authentication, which requires users to authenticate using one or more methods. The following topics describe how to implement, test, and troubleshoot the different types of interactive authentication:
- Authentication Types
- Plan Your Authentication Deployment
- Configure Multi-Factor Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Connection Timeouts for Authentication Servers
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Authentication Policy
- Troubleshoot Authentication Issues
Plan Your Authentication Deployment
Plan Your Authentication Deployment The following are key questions to consider before you implement an authentication solution for administrators who access the firewall and end ...
Configure Local or External Authentication for Firewall Adm...
Configure Local or External Authentication for Firewall Administrators You can use Local Authentication and External Authentication Services to authenticate administrators who access the firewall. These ...
Configure Multi-Factor Authentication
Configure Multi-Factor Authentication To use Multi-Factor Authentication (MFA) for protecting sensitive services and applications, you must configure Captive Portal to display a web form for ...
Configure Captive Portal
Configure Captive Portal The following procedure shows how to set up Captive Portal authentication by configuring the PAN-OS integrated User-ID agent to redirect web requests ...
Configure Authentication Policy
Configure Authentication Policy Perform the following steps to configure Authentication policy for end users who access services through Captive Portal. Before starting, ensure that your ...
Kerberos Kerberos is an authentication protocol that enables a secure exchange of information between parties over an insecure network using unique keys (called tickets) to ...
Configure Kerberos Server Authentication
Configure Kerberos Server Authentication You can use Kerberos to natively authenticate end users and firewall or Panorama administrators to an Active Directory domain controller or ...
External Authentication Services
External Authentication Services The firewall and Panorama can use external servers to control administrative access to the web interface and end user access to services ...
Objects > Authentication
Objects > Authentication An authentication enforcement object specifies the method and service to use for authenticating end users who access your network resources. You assign ...