https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-azure-ad-mfa/m-p/506764#M2937 <P>I've recently setup and succesfully tested a new portal and gateway with Azure AD MFA and the global protect app.&nbsp; Currently i can log into my iphone app and I receive the portal auth, (LDAP) and then get prompted for the Microsoft sign in followed by the MFA (SAML), in my case I'm utilizing the MS authenticator app.</P><P>&nbsp;</P><P>All is good with this setup and configuration.&nbsp; The problem I'm seeing now is I cannot authenticate with the portal address via the Web using the url for the portal or from the global protect app on my windows laptop.&nbsp; Testing took place with the Global Protect iOS app.</P><P>&nbsp;</P><P>GP logs are not showing me enough to break down what is occuring, AUTH failed, portal config is null, portal status is user authentication failed.&nbsp; Monitor shows failed login, with "other" for auth method.</P><P>&nbsp;</P><P>Let me know what you would like to see from my logs to troubleshoot.&nbsp; I'm not seeing why this isnt working.&nbsp; Perhaps some conditional access settings on the MS side.</P><P>&nbsp;</P><P><LI-PRODUCT title="GlobalProtect" id="GlobalProtect"></LI-PRODUCT>&nbsp;</P> Tue, 28 Jun 2022 14:59:49 GMT danoman2 2022-06-28T14:59:49Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-azure-ad-mfa/m-p/506764#M2937 <P>I've recently setup and succesfully tested a new portal and gateway with Azure AD MFA and the global protect app.&nbsp; Currently i can log into my iphone app and I receive the portal auth, (LDAP) and then get prompted for the Microsoft sign in followed by the MFA (SAML), in my case I'm utilizing the MS authenticator app.</P><P>&nbsp;</P><P>All is good with this setup and configuration.&nbsp; The problem I'm seeing now is I cannot authenticate with the portal address via the Web using the url for the portal or from the global protect app on my windows laptop.&nbsp; Testing took place with the Global Protect iOS app.</P><P>&nbsp;</P><P>GP logs are not showing me enough to break down what is occuring, AUTH failed, portal config is null, portal status is user authentication failed.&nbsp; Monitor shows failed login, with "other" for auth method.</P><P>&nbsp;</P><P>Let me know what you would like to see from my logs to troubleshoot.&nbsp; I'm not seeing why this isnt working.&nbsp; Perhaps some conditional access settings on the MS side.</P><P>&nbsp;</P><P><LI-PRODUCT title="GlobalProtect" id="GlobalProtect"></LI-PRODUCT>&nbsp;</P> Tue, 28 Jun 2022 14:59:49 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-azure-ad-mfa/m-p/506764#M2937 danoman2 2022-06-28T14:59:49Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-azure-ad-mfa/m-p/508583#M2978 <P>I made some progress on this.&nbsp; First off, I made a mistake on the portal config.&nbsp; I had it set to iOS only and have since switched to "any" OS.&nbsp; Upon the commit I can now log into the portal via the web address.&nbsp; Confirming my ability to authenticate with the portal via another method other than the iOS app.&nbsp; I then moved on to the windows applicaiton.&nbsp; It however is still giving me an error.&nbsp; Currently getting error "failed to get client configuration".&nbsp; Any thoughts?</P> Tue, 12 Jul 2022 17:42:29 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-azure-ad-mfa/m-p/508583#M2978 danoman2 2022-07-12T17:42:29Z