01-27-2019 01:10 AM
Hi everyone,
Can anyone help me configure single sign-on in Palo Alto? In my experience we used to have an agent in Fortinet for SSO, but in Palo Alto I have never configured SSO before and I'm not able to find any SSO step-by-step guide.
We have an Active Directory environment and Palo Alto 3220 HA.
Any link or video?
01-27-2019 09:26 AM
What you are searching for on Palo Alto firewalls is simply called "User-ID", and the corresponding part to Fortinet FSSO is done with User-ID agents. This agent can either be configured directly on the firewall or on a Windows server, and it queries the Active Directory servers, Exchange servers or file/print servers for login events to get a user-IP mapping and to enable user-based policies without bothering the users with an additional login.
On this documentation website you can find some information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id.html
Or a tutorial video here: https://youtu.be/NYAYjvNpSu0
And an article from the getting started series here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK
Regards,
Remo
02-02-2019 06:08 AM
Hi @Remo
Thanks for your reply. Now I have configured LDAP and the User-ID agent on my domain, and all is working fine, but I am facing an issue.
I am trying to use an authentication policy (Captive Portal for non-domain users), but after applying the web-form authentication policy all users are getting the Captive Portal page even if they are domain users.
Also, if I configure browser challenge, all users can browse without Captive Portal, including domain and non-domain users.
Please help.
02-02-2019 08:19 AM
Did you verify if the IP-user-mappings are present on the firewall? If you can answer this with yes, did you configure the authentication policy rule for any user or only for unknown users?
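The two checks raised in this thread (is an IP-user mapping present, and is the authentication rule scoped to any user or only to unknown users) can be seen in a small model. This is an added illustration, not PAN-OS or User-ID agent code and not from the posters; the event fields, the 45-minute lifetime, the sample users and addresses, and the function names are all assumptions made for the example.

```python
# Added illustration; a simplified model, not PAN-OS or User-ID agent code.
from datetime import datetime, timedelta

# Constructed sample logon events, shaped like what an agent could read
# from a domain controller's security log (field names are assumptions).
EVENTS = [
    {"time": "2019-02-02 08:00:00", "user": "corp\\alice", "ip": "10.1.1.20"},
    {"time": "2019-02-02 08:05:00", "user": "corp\\PC-20$", "ip": "10.1.1.20"},
    {"time": "2019-02-02 06:00:00", "user": "corp\\bob", "ip": "10.1.1.30"},
    {"time": "2019-02-02 08:10:00", "user": "corp\\carol", "ip": "-"},
]
TIMEOUT = timedelta(minutes=45)  # assumed mapping lifetime for this model


def build_mappings(events, now):
    """Return {ip: user} from logon events; the newest valid event per IP wins."""
    table = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        seen = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        if ev["user"].endswith("$"):      # machine account, not a person
            continue
        if ev["ip"] in ("-", "127.0.0.1", "::1"):  # no usable client address
            continue
        if now - seen > TIMEOUT:          # stale logon, mapping has aged out
            continue
        table[ev["ip"]] = ev["user"].lower()
    return table


def portal_required(rule_source_user, src_ip, table):
    """Would an authentication rule with this source-user setting match src_ip?"""
    user = table.get(src_ip)
    if rule_source_user == "any":
        return True                       # matches mapped and unmapped alike
    if rule_source_user == "unknown":
        return user is None               # only IPs with no mapping
    raise ValueError("unsupported setting in this model")


NOW = datetime(2019, 2, 2, 8, 15)         # constructed "current time"
TABLE = build_mappings(EVENTS, NOW)
for ip in ("10.1.1.20", "10.1.1.30", "10.1.1.99"):
    checks = {s: portal_required(s, ip, TABLE) for s in ("any", "unknown")}
    print(ip, TABLE.get(ip), checks)
```

In this model the mapped host 10.1.1.20 is sent to the portal only by the rule scoped to any user, while 10.1.1.30 is treated as unknown because its only logon event has aged out.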