ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall. This setting here is only available for RADIUS, TACACS and SAML Authentication method. The goal here is to make sure that the Firewall Administrators are having any external method of Authentication such as Ldap, Kerberos, Radius etc so that we can rely up on external Authentication to login to the device and depend on one or two local authentication as backup only option. Having external authentication helps in having all Auth requests in single place and depend on them as they are designed for standard Authentication process, added services, track ability etc. If Authentication profile is not defined then it checks for Administrators configuration section to check if the each administrator is configured with Authentication profile of type external authentication. It allows only two local Admin accounts and the rest should be external to pass the check. The two local admin accounts help as backup accounts to access management if the external authentication fails or not available temporarily.