https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/351168#M1006 <P>I've been working on a similar problem and as we're in a hybrid Azure/O365 state, we've had to implement more infrastructure than simply authenticating AD users! To cut a&nbsp; long story short we've go this working using SAML authentication from our AzureAD and have a hybrid connector to sync on-prem AD with AAD</P><P>&nbsp;</P><P>If you've got GP on your VM working then it's pretty straight forward to configure SAML for SSO, following this article worked for us;</P><P><A href="https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial" target="_blank">https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial</A></P><P>&nbsp;</P><P>good luck&nbsp;</P> Tue, 22 Sep 2020 15:59:34 GMT benslade 2020-09-22T15:59:34Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/344952#M931 <P>I have a VM series firewall deployed in Azure with a VPN connection to my on-prem PA firewall.&nbsp; I have GP working on the VM firewall via local user database but I am unable to get the VM firewall to utilize my on-prem AD server to authenticate users.&nbsp; I have tried adjusting the service route but this does not work for dynamic-DHCP interfaces.&nbsp; How do I go about accomplishing this?</P> Fri, 21 Aug 2020 14:37:32 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/344952#M931 FCalderone 2020-08-21T14:37:32Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/345927#M936 <P>Hello,</P> <P>Where is the traffic failing? Check the traffic logs to see. Might need to make additional policies to allow it.</P> <P>&nbsp;</P> <P>Regards,</P> Fri, 28 Aug 2020 21:44:54 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/345927#M936 OtakarKlier 2020-08-28T21:44:54Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/351168#M1006 <P>I've been working on a similar problem and as we're in a hybrid Azure/O365 state, we've had to implement more infrastructure than simply authenticating AD users! To cut a&nbsp; long story short we've go this working using SAML authentication from our AzureAD and have a hybrid connector to sync on-prem AD with AAD</P><P>&nbsp;</P><P>If you've got GP on your VM working then it's pretty straight forward to configure SAML for SSO, following this article worked for us;</P><P><A href="https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial" target="_blank">https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial</A></P><P>&nbsp;</P><P>good luck&nbsp;</P> Tue, 22 Sep 2020 15:59:34 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/want-to-use-on-prem-ad-server-to-authenticate-users-on-vm-series/m-p/351168#M1006 benslade 2020-09-22T15:59:34Z