Configure LDAP Authentication
You can use LDAP to authenticate end users who access applications or services through Captive Portal and authenticate firewall or Panorama administrators who access the web interface.
- Add an LDAP server profile. The profile defines how the firewall connects to the LDAP server.
  - Select Device > Server Profiles > LDAP and Add a server profile.
  - Enter a Profile Name to identify the server profile.
  - (Multi-vsys only) Select the Location in which the profile is available.
  - (Optional) Select Administrator Use Only to restrict access to administrators.
  - Add the LDAP servers (up to four). For each server, enter a Name (to identify the server), LDAP Server IP address or FQDN, and server Port (default 389). If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.
  - Select the server Type.
  - Select the Base DN.
  - Enter the Bind DN and Password to enable the authentication service to authenticate the firewall.
  - Enter the Bind Timeout and Search Timeout in seconds (default is 30 for both).
  - Enter the Retry Interval in seconds (default is 60).
  - (Optional) If you want the endpoint to use SSL or TLS for a more secure connection with the directory server, enable the option to Require SSL/TLS secured connection (enabled by default). The protocol that the endpoint uses depends on the server port:
    - Any other port—The device first attempts to use TLS. If the directory server doesn’t support TLS, the device falls back to SSL.
  - (Optional) For additional security, enable the option to Verify Server Certificate for SSL sessions so that the endpoint verifies the certificate that the directory server presents for SSL/TLS connections. To enable verification, you must also enable the option to Require SSL/TLS secured connection. For verification to succeed, the certificate must meet one of the following conditions:
    - It is in the list of device certificates: Device > Certificate Management > Certificates > Device Certificates. If necessary, import the certificate into the device.
    - The certificate signer is in the list of trusted certificate authorities: Device > Certificate Management > Certificates > Default Trusted Certificate Authorities.
  - Click OK to save the server profile.
- Assign the server profile to an authentication profile to define various authentication settings (see Configure an Authentication Profile and Sequence).
- Assign the authentication profile to the firewall application that requires authentication.
- Verify that the firewall can connect to the LDAP server to authenticate users (see Test Authentication Server Connectivity).
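
The following Python check is an added example, not Palo Alto Networks code: it audits an LDAP server profile against the rules in the steps above (up to four servers, certificate verification only effective when SSL/TLS is required, positive timeouts). The dictionary field names are hypothetical and are not PAN-OS configuration keys, and certificate verification is assumed to be off when it is not set.

```python
# Added example. Field names are hypothetical, not PAN-OS configuration keys.
# Defaults follow the procedure text; verify_server_cert=False when unset is an assumption.
DEFAULTS = {"require_ssl_tls": True, "verify_server_cert": False,
            "bind_timeout": 30, "search_timeout": 30, "retry_interval": 60}
MAX_SERVERS = 4  # a profile accepts up to four LDAP servers


def audit_profile(profile):
    """Return (severity, message) findings for one LDAP server profile."""
    p = {**DEFAULTS, **profile}
    findings = []
    servers = p.get("servers", [])
    if not 1 <= len(servers) <= MAX_SERVERS:
        findings.append(("error", f"{len(servers)} servers defined, expected 1 to {MAX_SERVERS}"))
    for s in servers:
        port = s.get("port", 389)  # default port when none is entered
        if not 1 <= port <= 65535:
            findings.append(("error", f"{s['name']}: invalid port {port}"))
    if not p["require_ssl_tls"]:
        findings.append(("high", "SSL/TLS not required: the bind password and "
                                 "directory lookups are sent unencrypted"))
        if p["verify_server_cert"]:
            findings.append(("high", "certificate verification is set but has no "
                                     "effect until SSL/TLS is required"))
    elif not p["verify_server_cert"]:
        findings.append(("medium", "server certificate is not verified, so the "
                                   "directory server's identity is unchecked"))
    for key in ("bind_timeout", "search_timeout", "retry_interval"):
        if p[key] <= 0:
            findings.append(("error", f"{key} must be a positive number of seconds"))
    return findings


# Constructed sample profiles: a weak configuration beside a hardened one.
WEAK = {"servers": [{"name": "dc1", "address": "192.0.2.10", "port": 389}],
        "require_ssl_tls": False, "verify_server_cert": True}
HARDENED = {"servers": [{"name": "dc1", "address": "ldap.example.com", "port": 636},
                        {"name": "dc2", "address": "ldap2.example.com", "port": 636}],
            "require_ssl_tls": True, "verify_server_cert": True}

if __name__ == "__main__":
    for label, prof in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for severity, message in audit_profile(prof) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```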