How to Integrate Palo Alto VPN with JumpCloud LDAP

To authenticate Palo Alto Networks VPN users against JumpCloud’s hosted LDAP service, configure the following basic settings:

See “Using JumpCloud’s LDAP-as-a-Service” to obtain the JumpCloud-specific settings required below.

LDAP Server Profile

Type: other
Base: ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com 
Bind DN: uid=<ldap-binding-user>,ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com
Bind & Confirm Bind Password: <ldap-binding-user’s-password>
Require SSL/TLS secured connection: Checked 

Group Mapping

Group Objects

Search Filter: (blank)
Object Class: groupOfNames
Group Name: cn
Group Member: uid, member

User Objects

Search Filter: (blank)
Object Class: inetOrgPerson
User Name: uid

Mail Domains

Mail Attributes: mail

Authentication Profile

Type: LDAP
Login Attribute: uid
Username Modifier: %USERINPUT%
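
Before committing these settings on the firewall, the same bind and searches can be run from a workstation to confirm the Base, Bind DN, object classes and attributes are right. This is an added example, not part of the original page or of Palo Alto's or JumpCloud's own tooling; it assumes OpenLDAP's ldapsearch, the endpoint ldaps://ldap.jumpcloud.com:636, and that user DNs follow the Bind DN pattern shown above. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of the profile values.
# Assumptions: OpenLDAP's ldapsearch is installed; ldaps://ldap.jumpcloud.com:636 is
# the JumpCloud endpoint (confirm it in the JumpCloud article this page references);
# organization ID and user names are supplied by the caller.
JC_LDAP_URI="${JC_LDAP_URI:-ldaps://ldap.jumpcloud.com:636}"

# "Base" field of the LDAP Server Profile: jc_base_dn <org-id>
jc_base_dn() { printf 'ou=Users,o=%s,dc=jumpcloud,dc=com' "$1"; }

# "Bind DN" field: jc_bind_dn <uid> <org-id>
jc_bind_dn() { printf 'uid=%s,%s' "$1" "$(jc_base_dn "$2")"; }

# Escape filter metacharacters (RFC 4515) so typed input cannot alter the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# User lookup matching User Objects (inetOrgPerson) and Login Attribute (uid).
jc_user_filter() { printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_escape "$1")"; }

# Group lookup matching Group Objects (groupOfNames) and the "member" attribute.
jc_group_filter() { printf '(&(objectClass=groupOfNames)(member=%s))' "$(ldap_escape "$1")"; }

# jc_check <org-id> <bind-user> <login-user>
# Binds over TLS as the binding user (password prompted once per query), then
# confirms the login user and that user's groups are visible under the Base.
# Assumes the login user's DN follows the same pattern as the Bind DN.
jc_check() (
  base=$(jc_base_dn "$1")
  bind=$(jc_bind_dn "$2" "$1")
  user_dn=$(jc_bind_dn "$3" "$1")
  ldapsearch -LLL -x -H "$JC_LDAP_URI" -D "$bind" -W -b "$base" \
    "$(jc_user_filter "$3")" uid mail || exit 1
  ldapsearch -LLL -x -H "$JC_LDAP_URI" -D "$bind" -W -b "$base" \
    "$(jc_group_filter "$user_dn")" cn
)

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then jc_check "$@"; fi
```

ldapsearch exits 0 even when nothing matches, so an empty result from either query means the Base, object class or attribute does not line up with the directory.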

Ref: Configuring a Palo Alto Networks Firewall to use JumpCloud’s LDAP-as-a-Service