Single Sign on configuration

L0 Member

Single Sign on configuration

Hi everyone,

Can anyone help me to configure single sign-on in Palo Alto? As per my experience, we used to have an agent in Fortinet for SSO, but in Palo Alto I have never configured SSO before and I'm not able to find any SSO step by step.

We have an Active Directory environment and Palo Alto 3220 HA.

Any link or video?

Accepted Solutions
Cyber Elite

Re: Single Sign on configuration

Hi @sabirHussain

What you are searching for on Palo Alto firewalls is simply called "User-ID", and the counterpart to Fortinet FSSO is done with User-ID Agents. This agent can either be configured directly on the firewall or on a Windows server, and it queries the Active Directory servers, Exchange servers or file/print servers for login events to get a user-to-IP mapping and to enable user-based policies without bothering the users with an additional login.

On this documentation website you can find some information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id.html

Or a tutorial video here: https://youtu.be/NYAYjvNpSu0

And an article from the getting started series here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK

Regards,

Remo


All Replies
L0 Member

Re: Single Sign on configuration

Hi @vsys_remo

Thanks for your reply. Now I have configured LDAP and the User-ID agent on my domain, and all is working fine, but I am facing an issue.

I am trying to use an authentication policy (Captive Portal for non-domain users), but after applying the web-form authentication policy all users are getting the Captive Portal page even if they are domain users.

Also, if I configure browser challenge, all users can browse without Captive Portal, including domain and non-domain users.

Please help.

Cyber Elite

Re: Single Sign on configuration

Hi @sabirHussain

 

Did you verify if the IP-user-mappings are present on the firewall? If you can answer this with yes, did you configure the authentication policy rule for any user or only for unknown users?
