Palo Alto LDAP Integration

This document provides instructions for configuring a Palo Alto Networks User-ID agent to integrate with an Active Directory server for user identification and group mapping. The steps include: 1) Creating a user in Active Directory, 2) Configuring the User-ID agent authentication settings using the Active Directory user, 3) Configuring the User-ID agent cache and service port settings, 4) Adding the Active Directory server profile, 5) Adding the User-ID agent, 6) Configuring group mapping settings, and 7) Adding users to group mapping lists.

Uploaded by Clayvon Calacal

1. In Active Directory, create the user and give it the group memberships shown below (Member Of tab):


2. Open the Palo Alto Networks User-ID Agent and go to User Identification > Setup > Authentication.
3. In “User name for Active Directory”, enter the created user as “user logon name@domain”.
Please see the image below for reference.

4. Go to User Identification > Setup > Cache.

User Identification Timeout (minutes): 180
5. Go to User Identification > Setup > Agent Service.

User-ID Service TCP Port: 5007

If the error shown below occurs:

Go to:

Local Security Policy > Security Settings > Local Policies > User Rights Assignment

Open “Log on as a service” and add the created username.

Then return to the User-ID Agent, Save and Commit.
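The checks behind steps 1, 3 and 5 can be run from PowerShell on the Windows host that runs the User-ID agent before anything is typed into the agent. The script below is an added example, not part of the original document or of the Palo Alto Networks agent: it looks up the service account and its group memberships (so you can confirm it is a least-privilege account rather than an administrator), prints the UPN to use in "user logon name@domain" form, confirms the account holds the "Log on as a service" right (SeServiceLogonRight) and confirms something is listening on TCP 5007. The domain name, the user logon name and the port are assumptions; secedit needs an elevated prompt.

```powershell
# Added example (not from the original document): pre-flight checks on the User-ID agent host.
# Domain and user logon name are assumptions; replace them with the account created in step 1.
$Domain    = 'CLIENTS'        # NetBIOS domain name (assumption)
$UserLogon = 'paloalto-svc'   # user logon name of the service account (assumption)
$AgentPort = 5007             # User-ID Service TCP Port from step 5

function Get-ServiceAccountInfo {
    param([string]$SamAccountName)
    # [ADSISearcher] is built into Windows PowerShell; no RSAT module is required.
    $searcher = [ADSISearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $searcher.PropertiesToLoad.AddRange(@('userPrincipalName', 'memberOf', 'userAccountControl'))
    $result = $searcher.FindOne()
    if (-not $result) { return $null }
    [pscustomobject]@{
        UserPrincipalName = [string]$result.Properties['userprincipalname'][0]
        MemberOf          = @($result.Properties['memberof'])
        # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
        Disabled          = (([int]$result.Properties['useraccountcontrol'][0]) -band 0x2) -ne 0
    }
}

function Test-LogonAsServiceRight {
    param([string]$Account)   # DOMAIN\user
    # Export User Rights Assignment with secedit and inspect the SeServiceLogonRight line.
    $cfg = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return $false }
    # Entries are comma separated; SIDs carry a leading '*'. Compare both the SID and the name form.
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value
    $entries = ($line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
    return ($entries -contains $sid) -or ($entries -contains $Account)
}

function Test-AgentPortListening {
    param([int]$Port)
    # Get-NetTCPConnection exists on Windows 8 / Server 2012 and later.
    return $null -ne (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
}

$info = Get-ServiceAccountInfo -SamAccountName $UserLogon
if (-not $info) { Write-Warning "Account $UserLogon was not found in Active Directory"; return }

"UPN to enter in step 3 and as Bind DN in step 6: $($info.UserPrincipalName)"
"Member of:`n  " + ($info.MemberOf -join "`n  ")
if ($info.Disabled) { Write-Warning 'The service account is disabled' }

$acct = "$Domain\$UserLogon"
"Log on as a service granted to ${acct}: $(Test-LogonAsServiceRight -Account $acct)"
"TCP $AgentPort listening on this host: $(Test-AgentPortListening -Port $AgentPort)"
```

If the "Log on as a service" check prints False, the service start error from step 5 is expected; the remaining output tells you whether the User-ID service port from step 5 is actually open before the firewall is pointed at it in step 7.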
6. On the firewall, go to Device > Server Profiles > LDAP and press Add.

Fill in the details:

Profile Name: (your choice)

Server List: Name (your choice), LDAP Server: IP address of the Active Directory server, Port: 389

Server Settings: Type: Active Directory; Base DN: the domain components of the client's AD domain, DC=<client AD domain>,DC=com; Bind DN: the created username

Fill the Bind DN using:

[email protected]
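The values entered into the LDAP server profile in step 6 (server, port, Bind DN in user@domain form, Base DN) can be validated from PowerShell before the profile is committed. The script below is an added example, not code from the original document or from Palo Alto Networks: it performs the same simple bind the profile performs, asks the directory's rootDSE for the correct Base DN so a typo in the DC= components is caught, and reads a few group objects to confirm the account can see what Group Mapping (steps 8 to 10) will query. The server address, UPN and Base DN are assumptions. The page uses plain LDAP on port 389; a simple bind over 389 sends the bind password in cleartext, so the port variable also accepts 636 (LDAPS) to run the same check against the hardened setting.

```powershell
# Added example (not from the original document): validate LDAP profile values from step 6.
# Server, UPN and Base DN are assumptions; the password is prompted for rather than stored.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapServer = '10.0.0.10'                   # IP of the Active Directory server (assumption)
$LdapPort   = 389                           # 389 = plain LDAP as on the page; 636 = LDAPS
$UseLdaps   = ($LdapPort -eq 636)
$BindUpn    = 'paloalto-svc@clients.com'    # Bind DN in "user logon name@domain" form (assumption)
$BaseDn     = 'DC=clients,DC=com'           # Base DN to verify (assumption)
$Password   = Read-Host -Prompt "Password for $BindUpn" -AsSecureString

function New-LdapConnection {
    param([string]$Server, [int]$Port, [bool]$Ldaps, [string]$Upn, [securestring]$Secret)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $cred = New-Object System.Net.NetworkCredential($Upn, $Secret)
    # AuthType Basic is an LDAP simple bind, which is what the firewall profile does with the UPN.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred,
                [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion = 3
    # Without TLS the simple-bind password crosses the network in cleartext.
    $conn.SessionOptions.SecureSocketLayer = $Ldaps
    $conn.Bind()   # throws LdapException (result 49 = invalid credentials) when the bind fails
    return $conn
}

function Get-DefaultNamingContext {
    param([System.DirectoryServices.Protocols.LdapConnection]$Conn)
    # rootDSE (empty base, scope Base) publishes the domain's naming context, i.e. the correct Base DN.
    $req  = New-Object System.DirectoryServices.Protocols.SearchRequest('', '(objectClass=*)',
                [System.DirectoryServices.Protocols.SearchScope]::Base, [string[]]@('defaultNamingContext'))
    $resp = $Conn.SendRequest($req)
    return [string]$resp.Entries[0].Attributes['defaultNamingContext'][0]
}

function Test-GroupMappingRead {
    param([System.DirectoryServices.Protocols.LdapConnection]$Conn, [string]$SearchBase)
    # Read a handful of group objects and their members, as Group Mapping will do under the Base DN.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest($SearchBase, '(objectClass=group)',
               [System.DirectoryServices.Protocols.SearchScope]::Subtree, [string[]]@('cn', 'member'))
    $req.SizeLimit = 5
    try {
        $resp = $Conn.SendRequest($req)
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to reach the LDAP response.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -isnot [System.DirectoryServices.Protocols.DirectoryOperationException]) { throw }
        # sizeLimitExceeded is expected when more than 5 groups exist; the partial result is usable.
        $resp = $ex.Response
    }
    return $resp.Entries.Count
}

$conn = New-LdapConnection -Server $LdapServer -Port $LdapPort -Ldaps $UseLdaps -Upn $BindUpn -Secret $Password
"Bind as $BindUpn over port ${LdapPort}: OK"

$actualBase = Get-DefaultNamingContext -Conn $conn
if ($actualBase -ieq $BaseDn) { "Base DN $BaseDn matches the directory" }
else { Write-Warning "Base DN should be '$actualBase', not '$BaseDn'" }

"Groups readable under ${actualBase}: $(Test-GroupMappingRead -Conn $conn -SearchBase $actualBase)"
$conn.Dispose()
```

A bind failure here reproduces exactly what the firewall would report after commit, so the credential, port and DN problems get fixed on the directory side before the server profile and the User-ID agent are added.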
7. Go to Device > User Identification > User-ID Agents.

Press Add and fill in the required fields:

Name: (your choice)

Add an Agent Using: select Host and Port

Host: (IP address of the Active Directory server, where the User-ID agent runs)

Port: 5007

8. Go to Device > User Identification > Group Mapping Settings and click Add.

9. Fill in the required fields:

10. Go to Device > User Identification > Group Mapping Settings > Group Include List.

Add the users per user group:
