What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC)? (Choose two.)
What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC)? (Choose two.)
The Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC) through SAML and TACACS+. SAML (Security Assertion Markup Language) provides a framework for exchanging authentication and authorization data between security domains, allowing administrators to manage roles and access controls. TACACS+ (Terminal Access Controller Access-Control System Plus) also supports these functionalities by providing separate authentication, authorization, and accounting services, aligning with RBAC requirements. Both methods are designed to manage user roles and permissions efficiently on network devices.
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
A. SAML1 B. TACACS+1 SAML (Security Assertion Markup Language): SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider1. TACACS+ (Terminal Access Controller Access-Control System Plus): TACACS+ is a protocol developed by Cisco and released as an open standard beginning in 19931. It provides separate authentication, authorization, and accounting services
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/authentication/authentication-types/external-authentication-services