Introduction, Scope of document, Prerequisites – HID Palo Alto Networks and ActivID AAA User Manual


HID Global and Palo Alto Networks Integration | Integration Handbook

External Release | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


1.0 Introduction

Palo Alto Networks GlobalProtect provides security for host systems, such as laptops, that are used in the field by
allowing easy and secure login from anywhere in the world. With GlobalProtect, users are protected against
threats even when they are not on the enterprise network, and application and content usage is controlled on the
host system to prevent leakage of data, etc. This document covers the configuration of GlobalProtect with ActivID
AAA for remote access VPN with HID Global solutions.

The HID Global Identity Assurance solutions that work with Palo Alto Networks incorporate VPN solutions that are
versatile, with strong authentication that is flexible, scalable, and simple to manage. HID Global Identity
Assurance offers two solutions:

ActivID® AAA Server for Remote Access addresses the security risks associated with a mobile workforce remotely accessing systems and data.

ActivID® Appliance offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document describes how to set up ActivID AAA authentication with Palo Alto Networks GlobalProtect to
enable authentication via a hard/soft token or an OTP received by Email/SMS using an SSL-protected Palo Alto
Networks VPN.

1.2 Prerequisites

ActivID AAA Server is up-to-date (version 6.7) with LDAP users and groups already configured.

For OOB authentication (optional):

There is an existing Short Message Peer-to-Peer Protocol (SMPP) gateway to send one-time-password OOB codes to users.

User phone numbers are declared in a functioning LDAP server.

Palo Alto Networks PAN-OS 6.0 and later

GlobalProtect is already installed
