1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Set Up Panorama
    5. Configure an Administrator with Kerberos SSO, External, or Local Authentication
    Previous
    Next
    When you configure Administrative Authentication for an administrator account, you can combine Kerberos single sign-on (SSO) authentication with an external authentication service or with local authentication. You can also configure the administrator to use only one of those authentication methods.
    Configure an Administrator with Kerberos SSO, External, or Local Authentication
    Create a Kerberos keytab. Required for Kerberos SSO authentication. Create a Kerberos keytab. A keytab is a file that contains Kerberos account information (principal name and hashed password) for Panorama.
    Configure access domains. Required for Device Group and Template administrators. Configure an Access Domain.
    Configure Admin Role profiles. Required if you are assigning a custom role to the administrator. Configure an Admin Role Profile.
    Configure access to an external authentication service if you will use one. Select Panorama > Server Profiles, select the authentication service type ( RADIUS, TACACS+, LDAP, or Kerberos), and configure the server profile: Configure a RADIUS Server Profile. Configure a TACACS+ Server Profile. Configure an LDAP Server Profile. Configure a Kerberos Server Profile.
    Configure an authentication profile. Required for Kerberos SSO or external authentication. If your administrators are in multiple Kerberos realms, you can create an authentication profile for each realm and assign all the profiles to an authentication sequence. You can then assign the same authentication sequence to all administrators. For details, see Authentication Profiles and Sequences. Configure an authentication profile or sequence.
    Configure an administrator. Configure an Administrative Account.
    Previous
    Next

    Related Documentation

    Kerberos for Internal Gateway for Windows

    Kerberos for Internal Gateway for Windows GlobalProtect clients running on Windows 7, 8, or 10 now support Kerberos V5 single sign-on (SSO) for GlobalProtect portal ...

    Role-Based Access Control

    Role-Based Access Control Role-based access control (RBAC) enables you to define the privileges and responsibilities of administrative users (administrators). Every administrator must have a user ...

    Configure Administrative Accounts and Authentication

    Configure Administrative Accounts and Authentication If you have already configured Administrative Roles , external authentication services (if applicable), and Access Domains (for Device Group and ...

    Device > Authentication Profile

    Device > Authentication Profile Device > Authentication Profile Panorama > Authentication Profile Select Device > Authentication Profile or Panorama > Authentication Profile to configure authentication ...

    Configure an Administrative Account

    Configure an Administrative Account Administrative accounts specify Administrative Roles , Administrative Authentication methods, and Access Domains for Panorama administrators. You can’t add an administrator account ...

    Device > Server Profiles > Kerberos

    Device > Server Profiles > Kerberos Device > Server Profiles > Kerberos Panorama > Server Profiles > Kerberos Select Device > Server Profiles > Kerberos ...

    Test the Authentication Configuration

    Test the Authentication Configuration Use the test authentication command to determine if your firewall or Panorama management server can communicate with a back-end authentication server ...

    Set Up External Authentication

    Set Up External Authentication The following workflow describes how to set up the GlobalProtect portal and gateways to use an external authentication service. The supported ...

    Device > User Identification > Captive Portal Settings

    Device > User Identification > Captive Portal Settings In the Device > User Identification > Captive Portal Settings page, Edit ( ) the following settings ...

    Enable Two-Factor Authentication Using Certificate and Auth...

    Enable Two-Factor Authentication Using Certificate and Authentication Profiles The following workflow describes how to configure GlobalProtect client authentication requiring the user to authenticate both to ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo