The administrative account credentials and
authentication mechanisms are local to Panorama. You use Panorama
to assign administrative roles and access domains to the accounts.
To further secure the accounts, you can create a password profile that
defines a validity period for passwords and set Panorama-wide password
complexity settings. For details, see Configure
Local or External Authentication for Panorama Administrators.
The administrative accounts are defined
only on an external SAML, TACACS+, or RADIUS server. The server performs both
authentication and authorization. For authorization, you define
Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server,
or SAML attributes on the SAML server. Panorama maps the attributes
to administrator roles and access domains that you define on Panorama.
For details, see: