
24 GlobalProtect Administrator’s Guide
Set Up GlobalProtect User Authentication Set Up the GlobalProtect Infrastructure
Enable Two-Factor Authentication
Step 1 Create a server profile.

The server profile instructs the firewall how to connect to an external authentication service and access the authentication credentials for your users.

Note: If you are using LDAP to connect to Active Directory (AD), you must create a separate LDAP server profile for every AD domain.

1. Select Device > Server Profiles and select the type of profile (LDAP, Kerberos, or RADIUS).
2. Click Add and enter a Name for the profile, such as GP-User-Auth.
3. (LDAP only) Select the Type of LDAP server you are connecting to.
4. Click Add in the Servers section and then enter the information required to connect to the authentication service, including the server Name, IP Address (or FQDN), and Port.
5. (RADIUS and LDAP only) Specify the settings that enable the firewall to authenticate to the authentication service, as follows:
   RADIUS—Enter the shared Secret when adding the server entry.
   LDAP—Enter the Bind DN and Bind Password.
6. (LDAP and Kerberos only) Specify where to search for users in the directory service:
   LDAP—The Base DN specifies where in the LDAP tree to begin searching for users and groups. This field should populate automatically when you enter the server address and port. If it doesn't, check the service route to the LDAP server.
   Kerberos—Enter the Kerberos Realm name.
7. Specify the Domain name (without dots, for example acme, not acme.com). This value will be appended to the username in the IP-address-to-username mappings for User-ID.
8. Click OK to save the server profile.
Step 2 Create an authentication profile.

The authentication profile specifies which server profile to use to authenticate users. You can attach an authentication profile to a portal or gateway configuration.

1. Select Device > Authentication Profile and click Add to create a new profile.
2. Enter a Name for the profile and then select the Authentication type (LDAP, Kerberos, or RADIUS).
3. Select the Server Profile you created in Step 1.
4. (LDAP AD) Enter sAMAccountName as the Login Attribute.
5. Click OK.
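The following Python helpers are an added example (not from this guide or from Palo Alto Networks) for pre-checking the LDAP values the two steps above ask for: the Base DN the firewall should auto-populate for an AD domain, the dot-free Domain value, and the sAMAccountName lookup filter with RFC 4515 escaping so a username cannot widen the search. The domain\user rendering of the User-ID mapping is an assumption, not something the guide states.

```python
"""Pre-flight checks for LDAP server/authentication profile values.

Example code, not part of the GlobalProtect guide or PAN-OS.  The
"domain\\user" mapping format in userid_mapping() is an ASSUMPTION.
"""
import re


def base_dn_from_domain(fqdn: str) -> str:
    """acme.com -> DC=acme,DC=com: what the Base DN field should show
    once the server address and port are entered (step 1.6)."""
    labels = [part for part in fqdn.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty AD domain name")
    return ",".join(f"DC={label}" for label in labels)


def validate_userid_domain(domain: str) -> str:
    """Step 1.7: the Domain field must be the short name ('acme'),
    never the FQDN ('acme.com'); reject dots and whitespace."""
    if not re.fullmatch(r"[^\s.\\/]+", domain):
        raise ValueError(
            f"Domain must be the short name without dots, got {domain!r}")
    return domain


# RFC 4515 escapes for characters that would alter a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it is matched literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def sam_account_filter(username: str) -> str:
    """Filter used when sAMAccountName is the Login Attribute (step 2.4).
    Escaping keeps 'j*doe)(objectClass=*' from matching every object."""
    return f"(sAMAccountName={escape_filter_value(username)})"


def userid_mapping(domain: str, username: str) -> str:
    """Assumed rendering of the User-ID mapping: short domain + backslash
    + username, e.g. acme\\jdoe."""
    return f"{validate_userid_domain(domain)}\\{username}"


if __name__ == "__main__":
    print(base_dn_from_domain("acme.com"))
    print(sam_account_filter("j*doe)(objectClass=*"))
    print(userid_mapping("acme", "jdoe"))
```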