Learn to configure the types of Authentication Profiles.
Where Can I Use This? Prisma Access (Cloud Management)
What Do I Need? Prisma Access license
An authentication profile defines the authentication service that validates the login
credentials of administrators who access the firewall web interface and end users
who access applications through Captive Portal or GlobalProtect. The authentication
profile also defines options such as single sign-on (SSO).
Learn to configure Kerberos authentication profiles.
Where Can I Use This? Prisma Access (Cloud Management)
What Do I Need? Prisma Access license
Kerberos is a computer network authentication protocol that uses tickets to allow
nodes that communicate over a non-secure network to prove their identity to one
another in a secure manner.
The authentication profile specifies the server profile that the portal or gateways
use when they authenticate users. Follow these steps to set up a Kerberos
authentication profile for Explicit Proxy mobile users to connect to Prisma
Access.
1. Go to Manage > Configuration > Identity Services > Authentication > Authentication Profiles and Add Profile.
2. Select the Authentication Method: Kerberos.
3. Enter the Profile Name to identify the server profile.
   The authentication profile specifies the server profile that the portal or
   gateways use when they authenticate users.
4. Enter the Kerberos Realm (up to 127 characters) to
   specify the hostname portion of the user login name. For example, the user
   account name user@EXAMPLE.LOCAL has the realm EXAMPLE.LOCAL.
5. Import a Kerberos Keytab file, which contains the Kerberos account information.
   When prompted, browse for the keytab file, and then click Save. During authentication,
   the endpoint first attempts to establish SSO using the keytab.
6. Choose the Kerberos Keytab.
7. Click Save.
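A pre-import check for the keytab used in the steps above, as an added example that is not part of the original documentation or any Palo Alto Networks code: it parses an MIT-format keytab (version 0x0502), confirms each entry's realm matches the Kerberos Realm entered in the profile, and flags deprecated encryption types. The function names, the constructed sample keytab and the weak-enctype check are assumptions of this example, not documented Prisma Access requirements.

```python
import struct

# Deprecated enctypes: single DES (RFC 6649), 3DES and RC4-HMAC (RFC 8429).
WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1", 23: "rc4-hmac"}
MAX_REALM_LEN = 127  # realm limit from the Kerberos Realm step
# Constructed sample keytab (not real key material): one rc4-hmac entry with an all-zero key.
SAMPLE = (b"\x05\x02\x00\x00\x00\x3b\x00\x02\x00\x0dEXAMPLE.LOCAL\x00\x04HTTP\x00\x05proxy"
          b"\x00\x00\x00\x01\x00\x00\x00\x00\x03\x00\x17\x00\x10" + bytes(16))

def _counted(rec, off):  # uint16 length followed by that many bytes
    (n,) = struct.unpack_from(">H", rec, off)
    return rec[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Parse an MIT keytab (format 0x0502) into (principal, realm, kvno, enctype) tuples."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                    # empty or deleted slot: skip its bytes
            pos += -size
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, off = _counted(rec, 2)
        parts = []
        for _ in range(ncomp):
            part, off = _counted(rec, off)
            parts.append(part)
        off += 8                         # skip name type and timestamp (4 bytes each)
        kvno, enctype, keylen = struct.unpack_from(">BHH", rec, off)
        off += 5 + keylen                # key bytes are skipped, never retained
        if len(rec) - off >= 4:          # optional 32-bit kvno replaces the 8-bit one if nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm, realm, kvno, enctype))
    return entries

def check_keytab(data, profile_realm):
    """Return findings to resolve before importing the keytab into the profile."""
    findings = []
    if len(profile_realm) > MAX_REALM_LEN:
        findings.append("profile realm exceeds %d characters" % MAX_REALM_LEN)
    for principal, realm, kvno, enctype in parse_keytab(data):
        if realm != profile_realm:
            findings.append("%s: realm differs from profile realm" % principal)
        if enctype in WEAK:
            findings.append("%s kvno %d: weak enctype %s" % (principal, kvno, WEAK[enctype]))
    return findings
```

Calling `check_keytab(open(path, "rb").read(), "EXAMPLE.LOCAL")` on a real keytab returns an empty list when every entry matches the realm and uses a current encryption type.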
Cloud Identity Engine
Learn to configure Cloud Identity Engine authentication profiles.
Where Can I Use This? Prisma Access (Cloud Management)
What Do I Need? Prisma Access license
The Cloud Identity Engine (CIE) provides both user identification and user
authentication for mobile users in a Prisma Access—Explicit Proxy deployment. The
Cloud Identity Engine integrates with the Explicit Proxy Authentication Cache
Service (ACS) and uses SAML identity providers (IdPs) to provide authentication for
Explicit Proxy mobile users.
Configure an authentication profile to authenticate users with the Cloud Identity
Engine.
The SAML/CIE authentication method is displayed only if the Cloud Authentication
Service (CAS) is enabled. If CIE authentication or CAS is not supported on your
Prisma Access tenant, only the SAML authentication method is shown.