Configure an Administrator with Kerberos SSO, External, or Local Authentication

When you configure Administrative Authentication for an administrator account, you can combine Kerberos single sign-on (SSO) authentication with an external authentication service or with local authentication. You can also configure the administrator to use only one of those authentication methods.

Configure an Administrator with Kerberos SSO, External, or Local Authentication
Create a Kerberos keytab. Required for Kerberos SSO authentication.	Create a Kerberos keytab. A keytab is a file that contains Kerberos account information (principal name and hashed password) for Panorama.
Configure access domains. Required for Device Group and Template administrators.	Configure an Access Domain.
Configure Admin Role profiles. Required if you are assigning a custom role to the administrator.	Configure an Admin Role Profile.
Configure access to an external authentication service if you will use one.	Select Panorama > Server Profiles, select the authentication service type ( RADIUS, TACACS+, LDAP, or Kerberos), and configure the server profile: Configure a RADIUS Server Profile. Configure a TACACS+ Server Profile. Configure an LDAP Server Profile. Configure a Kerberos Server Profile.
Configure an authentication profile. Required for Kerberos SSO or external authentication. If your administrators are in multiple Kerberos realms, you can create an authentication profile for each realm and assign all the profiles to an authentication sequence. You can then assign the same authentication sequence to all administrators. For details, see Authentication Profiles and Sequences.	Configure an authentication profile or sequence.
Configure an administrator.	Configure an Administrative Account.

Document:Panorama™ Administrator’s Guide