Configure Local Database Authentication
You can use a local firewall database instead of an external service to manage user account credentials and authentication. For example, you might create a local database of users and user groups for specialized purposes if you don’t have permission to add them to the directory servers that your organization uses to manage regular accounts and groups. Local database authentication is available for firewall administrators and for Captive Portal and GlobalProtect end users.
If your network supports Kerberos single sign-on (SSO), you can configure local authentication as a fall-back in case SSO fails. For details, see Configure Kerberos SSO and External or Local Authentication for Administrators. You can also Configure an Administrative Account to use local account management and authentication without a local database, but only for firewall administrators.
Configure Local Database Authentication
Configure the user account. Select Device > Local User Database > Users and click Add. Enter a user Name for the administrator. Enter a Password and Confirm Password or enter a Password Hash. Enable the account (enabled by default) and click OK.
Configure a user group. Required if your users require group membership. Select Device > Local User Database > User Groups and click Add. Enter a Name to identify the group. Add each user who is a member of the group and click OK.
Configure an authentication profile. Set the authentication Type to Local Database.
Assign the authentication profile to an administrator account or firewall service. Administrators— Configure an Administrative Account: Specify the Name of a user you defined in Step 1. Assign the Authentication Profile that you configured for the account. End users—For all services, you must assign the Authentication Profile that you configured for the accounts: Configure Captive Portal. Configure the GlobalProtect portal. Configure the GlobalProtect gateway.
Verify that the firewall can communicate with the authentication server. Test a Local Database Authentication Profile.

Related Documentation