Configure a Panorama Administrator Account
Administrative accounts specify Administrative Roles and authentication for Panorama administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on Panorama, on an external server, or both (see Administrative Authentication). For an external authentication service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use the authentication mechanism that is local to Panorama, perform the following steps to add an administrative account on Panorama.
You can’t add an administrator account to a Dedicated Log Collector (M-Series appliance in Log Collector mode). Only the predefined administrator account with the default username (admin) is available on Dedicated Log Collectors.
- Modify the number of supported administrator accounts.Configure the total number of supported concurrent administrative accounts sessions for Panorama in the normal operational mode or in FIPS-CC mode. You can allow up to four concurrent administrative account sessions or configure Panorama to support an unlimited number of concurrent administrative account sessions.
You can also configure the total number of supported concurrent sessions by logging in to the Panorama CLI.admin>configureadmin#set deviceconfig setting management admin-session max-session-count <0-4>admin#set deviceconfig setting management admin-session max-session-time <0, 60-1499>admin#commitSelectandPanoramaAdministratorsAddan account.Enter a userNamefor the administrator.Select anAuthentication Profileor sequence if you configured either for the administrator.Select theAdministrator Type:
- Selectand edit the Authentication Settings.PanoramaSetupManagement
- Edit theMax Session Countto specify the number of supported concurrent sessions (range is0to4) allowed for all administrator and user accounts.Enter0to configure the firewall to support an unlimited number of administrative accounts.In FIPS-CC mode, the range is 1 to 4 with a default value of 4.
- Edit theMax Session Timein minutes for an administrative account. Default is720minutes.
- CommitandCommit to Panorama.
(Device Group and Template Admin only) In the Access Domain to Administrator Role section, clickAdd, select an Access Domain from the drop-down (see Configure an Access Domain), click the adjacent Admin Role cell, and select an Admin Role profile.ClickOKto save your changes.SelectandCommitCommit to PanoramaCommityour changes.
- Dynamic—Select a predefined administrator role.
- Device Group and Template Admin—Map access domains to administrative roles as described in the next step.
Recommended For You
Recommended videos not found.