Strata Cloud Manager
Manage: Authentication Profiles
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Manage: Authentication Profiles
Learn to configure the types of Authentication Profiles.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
An authentication profile defines the authentication service that validates the login
credentials of administrators who access the firewall web interface and end users
who access applications through Captive Portal or GlobalProtect. The authentication
profile also defines options such as single sign-on (SSO).
Kerberos
Learn to configure Kerberos authentication Profiles.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
Kerberos is a computer network authentication protocol that uses tickets to allow
nodes that communicate over a non-secure network to provide their identity to one
another in a secure manner.
The authentication profile specifies the server profile that the portal or gateways
use when they authenticate users. Follow these steps to set up Kerberos
authentication profile for Explicit Proxy mobile users to connect to Prisma Access,
for administrators to connect to the firewall web interface, and for end users to
log in to the Authentication Portal.
- Go to ManageConfigurationIdentity ServicesAuthenticationAuthentication Profiles and Add Profile.
- Select the Authentication Method: Kerberos.
- Enter the Profile Name to identify the server profile. The authentication profile specifies the server profile that the portal or gateways use when they authenticate users.
- Enter the Kerberos Realm (up to 127 characters) to specify the hostname portion of the user login name. For example, the user account name user@EXAMPLE.LOCAL has the realm EXAMPLE.LOCAL.
- Import a Kerberos Keytab file which contains the Kerberos account information. When prompted, browse for the keytab file, and then click Save. During authentication, the endpoint first attempts to establish SSO using the keytab.
- Choose the Kerberos Keytab.
- Click Save.
Cloud Identity Engine
Learn to configure Cloud Identity Engine authentication profiles.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
The Cloud Identity Engine (CIE) is used for identifying and authenticating users in
firewall web interfaces and mobile users in a Prisma Access Explicit Proxy
deployment. In Prisma Access, the Cloud Identity Engine integrates with the Explicit
Proxy Authentication Cache Service (ACS) and uses SAML identity providers (IdPs) to
provide authentication for Explicit Proxy mobile users.
To authenticate users using Cloud Identity Engine, you must configure an
authentication profile.
The SAML/CIE authentication method is displayed only if the Cloud Authentication
Service (CAS) is enabled. If the CIE authentication or CAS is not supported on
your Prisma Access tenant, then it shows only the SAML authentication
method.
Before you begin:
- Review the Explicit Proxy guidelines.
- Set up an authentication profile in the Cloud Identity Engine.
- Go to ManageConfigurationIdentity ServicesAuthentication, set the configuration scope to Explicit Proxy and Add Profile under Authentication Profiles.
- Select the Authentication Method: Cloud Identity Engine.
- Enter a unique Profile Name.
- Select the Cloud Identity Engine authentication Profile you configured in the Cloud Identity Engine.
- Save your changes.