https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/565126#M4610 <P>we resolved it with a registry entry, only for edge at the moment. if you manage to implement the same for Firefox and Chrome, please let me know to take advantage of it <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>&nbsp;</P> <P>$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'<BR />$Name = 'AutoLaunchProtocolsFromOrigins'<BR />$type = 'String'<BR />$Value = '[{\"allowed_origins\": [\"<A href="https://vpn2.xxx.yyy.zzz/\" target="_blank">https://vpn2.xxx.yyy.zzz/\</A>"],\"protocol\": \"globalprotectcallback\"}]'<BR />New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType $type -Force</P> Fri, 10 Nov 2023 09:19:31 GMT JoseCortijo 2023-11-10T09:19:31Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/516369#M3203 <P>Hi all,</P> <P>I recently integrated Azure MFA via SAML with GlobalProtect and it works flawless. The only little issue is a popup that always appears whenever the authentication process is about to be completed. I guess this is the browser communicating with the global protect app , necessary to complete the tunnel creation.&nbsp;</P> <P>&nbsp;</P> <P>Any idea about how to stop this from happening?&nbsp;I am pretty sure that this is done via an URLAllowList registry entry but I dont know which extension I should approve. So I decided to click on the chek to 'Allow this entry ...' and look for the entry and simply create that entry via script. But unfortunately I cannot find the registry entry. I tried in several location for different browsers without success.An example for Chrome would be</P> <P><A href="https://admx.help/?Category=Chrome&amp;Policy=Google.Policies.Chrome::URLAllowlist" target="_blank" rel="noopener">https://admx.help/?Category=Chrome&amp;Policy=Google.Policies.Chrome::URLAllowlist</A></P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> <P><BR /><BR />Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.</P><BR /><BR />Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended. Thu, 29 Sep 2022 15:21:56 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/516369#M3203 techreg 2022-09-29T15:21:56Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/564862#M4600 <P>Did you ever figure this out?</P> Wed, 08 Nov 2023 19:16:16 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/564862#M4600 LCMember319 2023-11-08T19:16:16Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/565126#M4610 <P>we resolved it with a registry entry, only for edge at the moment. if you manage to implement the same for Firefox and Chrome, please let me know to take advantage of it <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>&nbsp;</P> <P>$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'<BR />$Name = 'AutoLaunchProtocolsFromOrigins'<BR />$type = 'String'<BR />$Value = '[{\"allowed_origins\": [\"<A href="https://vpn2.xxx.yyy.zzz/\" target="_blank">https://vpn2.xxx.yyy.zzz/\</A>"],\"protocol\": \"globalprotectcallback\"}]'<BR />New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType $type -Force</P> Fri, 10 Nov 2023 09:19:31 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/565126#M4610 JoseCortijo 2023-11-10T09:19:31Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/587158#M5369 <P>$RegistryPath = 'HKLM:\SOFTWARE\Policies\Google\Chrome'<BR />$Name = 'AutoLaunchProtocolsFromOrigins'<BR />$Type = 'String'<BR />$Value = '[{\"allowed_origins\": [\"<A class="fui-Link ___1rxvrpe f2hkw1w f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1lqvz6u f10aw75t fsle3fq f17ae5zn" title="https://vpn.sd8.bc.ca//%22],/%22protocol/%22:" href="https://vpn.sd8.bc.ca/\%22],\%22protocol\%22:" target="_blank" rel="noreferrer noopener" aria-label="Link https://vpn.sd8.bc.ca/\&quot;],\&quot;protocol\&quot;:">https://vpn.xxxx.yyy.zzz/\"],\"protocol\":</A> \"globalprotectcallback\"}]'</P> <P>&nbsp;</P> <P># Check if the registry path exists, and create it if it doesn't<BR />if (-not (Test-Path -Path $RegistryPath)) {<BR />&nbsp;&nbsp;&nbsp; New-Item -Path $RegistryPath -Force | Out-Null<BR />}</P> <P>&nbsp;</P> <P># Create or update the registry property<BR />New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType $Type -Force</P> <P><LI-WRAPPER></LI-WRAPPER></P> Fri, 17 May 2024 18:46:29 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-how-to-avoud-the-quot-open-globalprotect/m-p/587158#M5369 dan.faulks 2024-05-17T18:46:29Z