https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-azure-saml/m-p/568230#M4700 <P>Hi All</P> <P>PA-VM running 11.0.02</P> <P>Global Protect 6.2.0</P> <P>&nbsp;</P> <P>After some advise/suggestions</P> <P>&nbsp;</P> <P>We are rolling out Global Protect for the first time and getting some strange results</P> <P>Portal and Gateway Configured to use Azure SAML in addition to this I have followed this article to try and make the whole process simple for users</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBMdCAO&amp;lang=en_US%E2%80%A9" target="_blank">Seamless SAML Authentication with default-browser for GlobalPro... - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>Both our Azure MFA Sign-in Frequency and Authentication Override cookies are set to 1 hour.</P> <P>&nbsp;</P> <P>On first login everything seems to work ok and if we attempt to disconnect and reconnect VPN within an hour everything seems to work fine and users can connect without needing to authenticate, however after that hour has passed (I assume the Azure cookie timestamps)&nbsp; then the problems start and users get a mixture of issues - the most common one is Finding Best Gateway just sits there and you might get a second browser open (presumably from the Gateway) advising that authentication is successful and to "click here" to launch global protect but this works intermittently but most times Find Best Gateway just sits there...</P> <P>&nbsp;</P> <P>Anyone setup Global Protect in this way or have any pointers appreciated</P> Mon, 04 Dec 2023 15:30:09 GMT PBassett 2023-12-04T15:30:09Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-azure-saml/m-p/568230#M4700 <P>Hi All</P> <P>PA-VM running 11.0.02</P> <P>Global Protect 6.2.0</P> <P>&nbsp;</P> <P>After some advise/suggestions</P> <P>&nbsp;</P> <P>We are rolling out Global Protect for the first time and getting some strange results</P> <P>Portal and Gateway Configured to use Azure SAML in addition to this I have followed this article to try and make the whole process simple for users</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBMdCAO&amp;lang=en_US%E2%80%A9" target="_blank">Seamless SAML Authentication with default-browser for GlobalPro... - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>Both our Azure MFA Sign-in Frequency and Authentication Override cookies are set to 1 hour.</P> <P>&nbsp;</P> <P>On first login everything seems to work ok and if we attempt to disconnect and reconnect VPN within an hour everything seems to work fine and users can connect without needing to authenticate, however after that hour has passed (I assume the Azure cookie timestamps)&nbsp; then the problems start and users get a mixture of issues - the most common one is Finding Best Gateway just sits there and you might get a second browser open (presumably from the Gateway) advising that authentication is successful and to "click here" to launch global protect but this works intermittently but most times Find Best Gateway just sits there...</P> <P>&nbsp;</P> <P>Anyone setup Global Protect in this way or have any pointers appreciated</P> Mon, 04 Dec 2023 15:30:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-azure-saml/m-p/568230#M4700 PBassett 2023-12-04T15:30:09Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-azure-saml/m-p/589331#M5450 <P>Hello,&nbsp;</P> <P>&nbsp;</P> <P>I was wondering if you had the issue resolved.</P> Tue, 11 Jun 2024 23:11:30 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-azure-saml/m-p/589331#M5450 Wowrack-Support 2024-06-11T23:11:30Z