Palo Alto Networks VPN configuration for the LastPass Universal Proxy LDAP protocol

    Add an LDAP server profile

    In the Palo Alto Networks web interface, go to Device > Server Profiles > LDAP and Add a new LDAP Server Profile.
    1. In the Server List group box, click Add and set the following:

      • Enter a Name to identify the server.
      • Enter the LDAP Server IP address or FQDN.
      • Enter a Port number (the default for authentication is 389).

    2. In the Server Settings group box, select your LDAP server Type.
    3. Set the Base DN.
    4. Set the Bind DN.
    5. Set the Password.
    6. Set the Bind Timeout.
    7. Click OK.

    Assign the LDAP server profile to an authentication profile

    1. Go to Device > Authentication Profile and click Add.
      1. Set a profile Name.
      2. For the Type drop-down menu, select LDAP.
      3. For the Server Profile drop-down menu, select the previously configured LDAP profile.
      4. Set the Login Attribute to samAccountName.

    2. On the Authentication Profile window, click the Advanced tab.
    3. In the Allow List group box, Add the users and groups that are allowed to authenticate with this authentication profile.

    4. Click OK to save the authentication profile.


      To minimize push notifications and credential requests during a session, perform the steps described in "How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication".

    Results: You have now configured LDAP authentication for your Palo Alto VPN.