1. In the Palo Alto NGFW admin portal, go to Policies > Authentication, and then click Add.
    The Authentication Policy Rule window is displayed.
    A screen capture of the Authentication Policy Rule window on the General tab showing the fields for Name, Description, Tags, Group Rules by Tag, and Audit Comment. There is a hyperlink for Audit Comment Archive..
  2. On the General tab, enter a name for the rule in the Name field.
  3. On the Source tab, from the Source Zone list, select an option.

    A screen capture of the Source tab. There are two source lists shown: Source Zone and Source Address. Each list has a check box option for Any. It is selected for the Source Address list. The Source Zone list shows the option corp-vpn. Each list also has an Add plus sign button. The bottom of the tab has a check box for Negate. The bottom of the window has the OK and Cancel buttons.
  4. On the Destination tab, from the Destination Zone list, select an option.

    A screen capture of the Destination tab.There are two destination lists shown: Destination Zone and Destination Address. Each list has a check box option for Any. It is selected for the Destination Address list. The Destination Zone list shows the option trusted. Each list also has an Add plus sign button. The bottom of the tab has a check box for Negate. The bottom of the window has the OK and Cancel buttons.
  5. On the Service tab, select the services or URL categories to protect.

    A screen capture of the Service/URL Category tab.There are two lists shown: Service and URL Category. The Service list has a drop-down selection list above it and the URL Category list has a check box option for Any, which is selected in this screen capture. The Service list shows the options service-http and service-https. Each list also has an Add plus sign button. The bottom of the window has the OK and Cancel buttons.
  6. On the Actions tab, from the Authentication Enforcement list, select the authentication enforcement that you created in the previous section. Click OK.

    A screen capture of the Actions tab with the Authentication Enforcement field showing the selected authentication enforcement previously created.
For further information, see Authentication Policies.