[PacketFence-users] Palo Alto XML API roles

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Just a quick question here: in all the documentation I've seen for
connecting PacketFence to a Palo Alto firewall for SSO, the
instructions state to grant the API account access to *everything*,
rather than just the User-ID part of the API. Does it really need all
that? I like the idea of that integration, but I don't think it'll fly
if it means creating a non-expiring admin account with full system
access. I can try running it with just the User-ID privileges, but I
figured I'd check here first to see if anyone knows for sure. Thanks!