{in)secure

Appearance

User-ID Integrated Agent

Create Service Account

DO NOT SKIP THIS

WARNING

We must start to create a service account by following the official documentation.

Retrieve UserID from Windows Active Directory Server

To Connect a PA Firewall to an existing active directory we must configure the UserID Agent Setup

Device> User Identification> User Mapping

Fill your domain information as follow:

  • Username: your_domain\service_account
  • Domains DNS Name: your domain name
  • Password: service account password
  • Kerberos Server profile: create new

Kerberos Server profile:

Choose a Profile name and declare your domain controllers that your Firewall can reach.

Server Monitor

Chose type as Microsoft Active Directory and WINRM-HTTP as Transport protocol.

Network address is the FQDN of the server with AD Role.

Tip: if you Hit Discover on Server Monitor these will be populated automatically.

If everything was setup correctly you should see Status Connected.

IMPORTANT

DANGER

The service account user MUST be on Remote Management Users Builtin Group or you will get an Access Denied message.

Published by Gonçalo Pires

Please always use offical documentation, this is a community page.

Copyleft © 2025