(with Strata Cloud Manager or Panorama
configuration management)
NGFWs
(with Strata Cloud Manager or Panorama
configuration management)
At least one of these licenses is needed to manage your
configuration with Strata Cloud Manager; for unified
management of NGFWs and Prisma Access, you'll need both:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
Locally store authentication information for administrators and end users. You can
store authentication information from administrators and end users who authenticate
using GlobalProtect or the Authentication portal.
To configure local database authentication, you create a database that runs locally
on the firewall and contains user accounts (usernames and passwords or hashed
passwords). You can configure a user database that is local to the firewall to
authenticate administrators who access the firewall web interface and to
authenticate end users who access applications through Authentication Portal or
GlobalProtect.
Local database authentication can be associated with an authentication profile so
they can accommodate deployments where different sets of users require different
authentication settings, such as Kerberos single sign-on (SSO) or multi-factor
authentication (MFA) . For administrator accounts that use an authentication
profile, password complexity and expiration settings aren’t applied. This
authentication method is available to administrators who access the firewall and end
users who access services and applications through Authentication Portal or
GlobalProtect.
Go to ManageConfigurationNGFW and Prisma AccessIdentity ServicesLocal Users & Groups to start collecting authentication data.
Create a Local User
Log in to Strata Cloud Manager.
Select ManageConfigurationNGFW and Prisma AccessIdentity ServicesLocal Users & GroupsLocal Users and select the Configuration Scope where you want to create a
local user.
You can select a folder or firewall from your
Folders or select
Snippets to configure a local user in a
snippet.
Add Local User.
Enter the user Name.
Verify that the local user is Enabled.
Rather than deleting a local user from the local firewall database
for authentication, you can uncheck (disable) so that the user is no
longer enabled for authentication.
Group multiple local users into a single local group to add group information to
the local firewall database. You can create a local user group to manage
multiple local users who have the same authentication requirements.
Log in to Strata Cloud Manager.
Select ManageConfigurationNGFW and Prisma AccessIdentity ServicesLocal Users & GroupsLocal User Groups and select the Configuration Scope where you want to create a
local user group.
You can select a folder or firewall from your
Folders or select
Snippets to configure a local user group in a
snippet.
Add Local User Group.
Enter a local user group Name.
Add the Local Users you created in the previous
step.