Authentication Features
Focus
Focus

Authentication Features

Table of Contents
End-of-Life (EoL)

Authentication Features

Learn about the new authentication features in PAN-OS® 10.0.
New Authentication Feature Description
Enhanced Authentication Logging
(Available with PAN-OS® 10.0.4 and later 10.0 releases)
NewAuthentication Log fields are now available for Panorama. These log fields allow you to view new information such as Region, User Agent and Session ID in your Authentication logs for troubleshooting and to support features in future releases.
Authentication Portal Exclusion for Predefined Domains
Many applications require access to the internet for updates or other services, but in some cases, the Authentication policy may block access. To easily exclude benign background application traffic (such as Windows Update) on user devices from Authentication policy and prevent service interruption, you can use a new external dynamic list (EDL): the Palo Alto Networks Authentication Portal Exclude List. Palo Alto Networks maintains and updates this EDL so that you don't need to manually discover and add all the domains that background applications use to an allow list.
Improved Authentication Rate for Large-Scale Deployments
To enforce Authentication policy in environments with large numbers of users, the firewall now uses a multi-threaded process to simultaneously authenticate more users with protocols such as Security Assertion Markup Language (SAML), Kerberos, or the MFA API.
TLS Encryption for Email Server Profiles
You can now configure the firewall and Panorama to send all data for an email server profile, including aggregated logs and reports, over an encrypted TLS connection (as long as the email server supports it). Using an encrypted TLS connection to securely send reports and logs prevents security risks, supports cloud-based email servers that require encryption, and helps ensure compliance with security audits.