The administrative account credentials and
authentication mechanisms are local to Panorama. You use Panorama
to assign administrative roles and access domains to the accounts.
To further secure the accounts, you can create a password profile that
defines a validity period for passwords and set Panorama-wide password
complexity settings. For details, see Configure
Local or External Authentication for Panorama Administrators.
The administrative accounts are defined
only on an external SAML, TACACS+, or RADIUS server. The server
performs both authentication and authorization. For authorization,
you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS
server, or SAML attributes on the SAML server. Panorama maps the
attributes to administrator roles and access domains that you define
on Panorama. For details, see: