1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Set Up Panorama
    5. Set Up Administrative Access to Panorama
    6. Configure Administrative Accounts and Authentication
    7. Configure a Panorama Administrator Account

    Configure a Panorama Administrator Account

    Administrative accounts specify Administrative Roles and authentication for Panorama administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on Panorama, on an external server, or both (see Administrative Authentication). For an external authentication service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use the authentication mechanism that is local to Panorama, perform the following steps to add an administrative account on Panorama.
    You can’t add an administrator account to a Dedicated Log Collector (M-Series appliance in Log Collector mode). Only the predefined administrator account with the default username (admin) is available on Dedicated Log Collectors.
    1. Select
      Panorama
      Administrators
       and
      Add
       an account.
    2. Enter a user
      Name
       for the administrator.
    3. Select an
      Authentication Profile
       or sequence if you configured either for the administrator.
      This is required if Panorama will use Kerberos SSO or an external service for authentication.
      If Panorama will use local authentication, set the
      Authentication Profile
       to
      None
       and enter a
      Password
       and then
      Confirm Password
      .
    4. Select the
      Administrator Type
      :
      • Dynamic
        —Select a predefined administrator role.
      • Custom Panorama Admin
        —Select the Admin Role
        Profile
         you created for this administrator (see Configure an Admin Role Profile).
      • Device Group and Template Admin
        —Map access domains to administrative roles as described in the next step.
    5. (
      Device Group and Template Admin only
      ) In the Access Domain to Administrator Role section, click
      Add
      , select an Access Domain from the drop-down (see Configure an Access Domain), click the adjacent Admin Role cell, and select an Admin Role profile.
    6. Click
      OK
       to save your changes.
    7. Select
      Commit
      Commit to Panorama
       and
      Commit
       your changes.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo