Palo Alto Networks

With Centrify as your Privileged Access Service, you can choose single sign-on (SSO) access to the Palo Alto Networks web application with SP-initiated SAML SSO, which provides SSO access directly through the Palo Alto Networks web application.

If Palo Alto Networks is the first application you are configuring for SSO through Privileged Access Service, read these topics before you get started:

Continue with Palo Alto Networks SSO Requirements.

Palo Alto Networks SSO Requirements

Before you can configure Palo Alto Networks for SSO, you need the following:

  • An active Palo Alto Networks account that has account administrator rights for your organization.

Adding and Configuring Palo Alto Networks in the Admin Portal

Configuring SSO for Palo Alto Networks

The following steps are specific to the Palo Alto Networks application and are required in order to enable SSO for Palo Alto Networks. For information on optional Centrify Admin Portal configuration settings that you may wish to customize for your app, see Optional configuration settings.

For more information about Palo Alto Networks

Palo Alto Networks Support:

https://live.paloaltonetworks.com/t5/custom/page/page-id/Support

Palo Alto Networks specifications

Each SAML application is different. The following table lists features and functionality specific to Palo Alto Networks.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | No | |
| Mobile client | No | |
| SAML 2.0 | Yes | |
| SP-initiated SSO | Yes | |
| IdP-initiated SSO | No | |
| Force user login via SSO only | Yes | After a user is configured to use SSO, they can only use SSO. |
| Separate administrator login after SSO is enabled | No | We recommend that you always keep one admin user who does not use SSO. |
| User or Administrator lockout risk | Yes | We recommend that you always keep one admin user who does not use SSO. |
| Automatic user provisioning | No | |
| Multiple User Types | Yes | Admin and User. |
| Self-service password | Yes | |
| Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |