topic Group-based authorization for Azure SAML users in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/group-based-authorization-for-azure-saml-users/m-p/562218#M4525 <P class="_1qeIAgB0cPwnLhDF9XSiJM">We now have finished the integration of GlobalProtect with<SPAN>&nbsp;</SPAN><CODE class="_34q3PgLsx9zIU5BiSOjFoM">Azure SAML</CODE>, the authentication process is running properly without any issue. However, because of different types of users:<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">staff</STRONG>,<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">vendor</STRONG><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">admin</STRONG>, which required more precise permission management for each group of users. I have tried searching online, but cannot get a viable way to make it work.</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">&nbsp;</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">My understanding behind the expected solution is to retrieve the group attribute from SAML, then I should be able to write specific security policies based on that group to manage the access of the authorized users.</P> Wed, 18 Oct 2023 08:33:20 GMT EiMJiaxinY 2023-10-18T08:33:20Z Group-based authorization for Azure SAML users https://live.paloaltonetworks.com/t5/globalprotect-discussions/group-based-authorization-for-azure-saml-users/m-p/562218#M4525 <P class="_1qeIAgB0cPwnLhDF9XSiJM">We now have finished the integration of GlobalProtect with<SPAN>&nbsp;</SPAN><CODE class="_34q3PgLsx9zIU5BiSOjFoM">Azure SAML</CODE>, the authentication process is running properly without any issue. However, because of different types of users:<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">staff</STRONG>,<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">vendor</STRONG><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><STRONG class="_12FoOEddL7j_RgMQN0SNeU">admin</STRONG>, which required more precise permission management for each group of users. I have tried searching online, but cannot get a viable way to make it work.</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">&nbsp;</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">My understanding behind the expected solution is to retrieve the group attribute from SAML, then I should be able to write specific security policies based on that group to manage the access of the authorized users.</P> Wed, 18 Oct 2023 08:33:20 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/group-based-authorization-for-azure-saml-users/m-p/562218#M4525 EiMJiaxinY 2023-10-18T08:33:20Z