The following procedure provides an overview of the tasks required to configure RADIUS Vendor-Specific Attributes (VSAs) for administrator authentication to Panorama. For detailed instructions, refer to the following Knowledge Base (KB) articles:
Be sure to complete the following three tasks before you start this procedure:
Create the administrative accounts in the directory service that your network uses (for example, Active Directory).
Set up a RADIUS server that can communicate with that directory service.
Import the Palo Alto Networks RADIUS dictionary
into your RADIUS server.
Use RADIUS Vendor-Specific Attributes for Account Authentication
Add the Panorama IP address or hostname as the RADIUS client.
Define the VSAs for administrator authentication. You must specify the vendor code (25461 for Panorama) and the VSA name, number, and value.