Configure a Panorama Administrator Account

Administrative accounts specify Administrative Roles and authentication for Panorama administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on Panorama, on an external server, or both (see Administrative Authentication). For an external authentication service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use the authentication mechanism that is local to Panorama, perform the following steps to add an administrative account on Panorama.
  1. Modify the number of supported administrator accounts.
    Configure the total number of supported concurrent administrative accounts sessions for Panorama in the normal operational mode or in FIPS-CC mode. You can allow up to four concurrent administrative account sessions or configure Panorama to support an unlimited number of concurrent administrative account sessions.
    1. Select
      Panorama
      Setup
      Management
      and edit the Authentication Settings.
    2. Edit the
      Max Session Count
      to specify the number of supported concurrent sessions (range is
      0
      to
      4
      ) allowed for all administrator and user accounts.
      Enter
      0
      to configure Panorama to support an unlimited number of administrative accounts.
    3. Edit the
      Max Session Time
      in minutes for an administrative account. Default is
      720
      minutes.
    4. Click
      OK
      .
    5. Commit
      and
      Commit to Panorama
      .
    You can also configure the total number of supported concurrent sessions by logging in to the Panorama CLI.
    admin>
    configure
    Code copied to clipboard
    Unable to copy due to lack of browser support.
    admin#
    set deviceconfig setting management admin-session max-session-count <0-4>
    Code copied to clipboard
    Unable to copy due to lack of browser support.
    admin#
    set deviceconfig setting management admin-session max-session-time <0, 60-1499>
    Code copied to clipboard
    Unable to copy due to lack of browser support.
    admin#
    commit
    Code copied to clipboard
    Unable to copy due to lack of browser support.
  2. Select
    Panorama
    Administrators
    and
    Add
    an account.
  3. Enter a user
    Name
    for the administrator.
  4. Select an
    Authentication Profile
    or sequence if you configured either for the administrator.
    This is required if Panorama will use Kerberos SSO or an external service for authentication.
    If Panorama will use local authentication, set the
    Authentication Profile
    to
    None
    and enter a
    Password
    and then
    Confirm Password
    .
  5. Select the
    Administrator Type
    :
    • Dynamic
      —Select a predefined administrator role.
    • Custom Panorama Admin
      —Select the Admin Role
      Profile
      you created for this administrator (see Configure an Admin Role Profile).
    • Device Group and Template Admin
      —Map access domains to administrative roles as described in the next step.
  6. (
    Device Group and Template Admin only
    ) In the Access Domain to Administrator Role section, click
    Add
    , select an Access Domain from the drop-down (see Configure an Access Domain), click the adjacent Admin Role cell, and select an Admin Role profile.
  7. Click
    OK
    to save your changes.
  8. Select
    Commit
    Commit to Panorama
    and
    Commit
    your changes.

Recommended For You