>
    Kerberos Authentication for Explicit Proxy Deployments
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Mobile Users
    4. Mobile Users: Explicit Proxy
    5. Kerberos Authentication for Explicit Proxy Deployments
    Download PDF
    Prisma Access

    Kerberos Authentication for Explicit Proxy Deployments

    Table of Contents

    Kerberos Authentication for Explicit Proxy Deployments

    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access
       license
    Prisma Access Mobile—Explicit Proxy deployments support Kerberos authentication. If you have servers, IoT devices, or headless machines that cannot authenticate using SAML, you can use Kerberos authentication instead.
    If your deployment uses both SAML and Kerberos for authentication, you can configure both authentication types in a single Explicit Proxy deployment. In this way, you can authenticate mobile users with SAML while authenticating servers, IoT devices or headless machines with Kerberos.
    Prisma Access
     Explicit Proxy processes the authentication depending on the port used for the authentication traffic:
    • If the authentication traffic uses port 8080, Explicit Proxy uses SAML authentication.
    • If the authentication traffic uses port 8081, Explicit Proxy uses Kerberos authentication.
    If only one port is configured, the port that is not configured uses the same authentication profile as the configured port.
    Kerberos SSO is available only for endpoints and systems that have access to your Kerberos infrastructure. Endpoints and systems without access to the Kerberos infrastructure must use SAML SSO.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.