topic Migrate GlobalProtect users from LDAP portal to SAML portal in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/migrate-globalprotect-users-from-ldap-portal-to-saml-portal/m-p/516055#M3193 <P>Dear community,</P> <P>&nbsp;</P> <P>Pleae could someone help with my GlobalProtect transition from LDAP to SAML ?</P> <P>&nbsp;</P> <P>The SAML side of things has been setup and tested. I would now like to move from one portal and gateway (using LDAP auth) to new ones using SAML auth but I am struggling to see how to do this transparently for all our users with minimal disruption or manual intervention from IT.</P> <P>&nbsp;</P> <P><EM><STRONG>Example:</STRONG></EM></P> <P><EM>Windows domain managed by GPOs. </EM></P> <P><EM>Current portal &amp; gateway IP:&nbsp; 50.0.0.1 (LDAP auth)</EM></P> <P><EM>New portal &amp; gateway IP: 60.0.0.1 (SAML auth using auth cookie)<BR /></EM></P> <P>&nbsp;</P> <P><U>I would like to push the new portal IPs to my GP clients and change the preference so the GP clients will use those new IPs automatically. As a result my users should automatically authenticate to the new SAMP portal and gateway. &nbsp;</U></P> <P>&nbsp;</P> <P>I'm struggling to achieve this. There is a reg key for Windows but that only defines the IP that you get when you install the GP client for for the first time. I won't change anything after the GP client has been installed. Am I missing anything?</P> <P>&nbsp;</P> <P>I could push new client install from SCCM but again this will cause disruption and will only add a single IP from what I can tell.</P> <P>&nbsp;</P> <P>Any advice would be much appreciated. I need to do this for over a 1000 users around the world.</P> <P>&nbsp;</P> <P>Thank you</P> <P>Michal</P> Tue, 27 Sep 2022 11:37:08 GMT MichalVavrinec 2022-09-27T11:37:08Z Migrate GlobalProtect users from LDAP portal to SAML portal https://live.paloaltonetworks.com/t5/globalprotect-discussions/migrate-globalprotect-users-from-ldap-portal-to-saml-portal/m-p/516055#M3193 <P>Dear community,</P> <P>&nbsp;</P> <P>Pleae could someone help with my GlobalProtect transition from LDAP to SAML ?</P> <P>&nbsp;</P> <P>The SAML side of things has been setup and tested. I would now like to move from one portal and gateway (using LDAP auth) to new ones using SAML auth but I am struggling to see how to do this transparently for all our users with minimal disruption or manual intervention from IT.</P> <P>&nbsp;</P> <P><EM><STRONG>Example:</STRONG></EM></P> <P><EM>Windows domain managed by GPOs. </EM></P> <P><EM>Current portal &amp; gateway IP:&nbsp; 50.0.0.1 (LDAP auth)</EM></P> <P><EM>New portal &amp; gateway IP: 60.0.0.1 (SAML auth using auth cookie)<BR /></EM></P> <P>&nbsp;</P> <P><U>I would like to push the new portal IPs to my GP clients and change the preference so the GP clients will use those new IPs automatically. As a result my users should automatically authenticate to the new SAMP portal and gateway. &nbsp;</U></P> <P>&nbsp;</P> <P>I'm struggling to achieve this. There is a reg key for Windows but that only defines the IP that you get when you install the GP client for for the first time. I won't change anything after the GP client has been installed. Am I missing anything?</P> <P>&nbsp;</P> <P>I could push new client install from SCCM but again this will cause disruption and will only add a single IP from what I can tell.</P> <P>&nbsp;</P> <P>Any advice would be much appreciated. I need to do this for over a 1000 users around the world.</P> <P>&nbsp;</P> <P>Thank you</P> <P>Michal</P> Tue, 27 Sep 2022 11:37:08 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/migrate-globalprotect-users-from-ldap-portal-to-saml-portal/m-p/516055#M3193 MichalVavrinec 2022-09-27T11:37:08Z