https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/583370#M5243 <P>Hi,</P> <P>&nbsp;</P> <P>Did you find working solution for this kind of integration with SAML. I was able to create SAML for for Global Protect Portal and Clientless VPN. And now I want to create something similar with internal published application Guacamole with SAML, but is this possible at all, from the perspective of first SAML session of the login to GP Portal, then further use for internal published application?</P> <P>&nbsp;</P> <P>Regards,</P> <P>Matjaž</P> Thu, 11 Apr 2024 12:27:30 GMT matjazp 2024-04-11T12:27:30Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/573319#M4837 <P>Hi there, I wanted to check that possibly what I'm trying isn't actually going to work. Had a look around at people with simular issues on LDAP, but I thought using SAML would solve this ... but not!</P> <P>&nbsp;</P> <P>What I'm trying to achieve here is SSO into the VPN portal and then into any applications that use the same SSO method (the method we are using is SAML via Microsoft Entra (365).</P> <P>&nbsp;</P> <P>I have SAML SSO working as an auth profile for the Global Protect Portal... works perfectly. I have Applications (Guacamole, One Drive) that can be accessed via the VPN portal.. but the first time I access one of these I'm prompted again for My Microsoft sign in. If I then use any other Microsoft SSO app I'm not prompted.</P> <P>&nbsp;</P> <P>Is this expected as there is no link between the outside "session" and the sessions inside the portal?.. Is this possible to achieve (no double login)?</P> <P>&nbsp;</P> <P>Thanks in advance.</P> Wed, 17 Jan 2024 11:57:36 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/573319#M4837 DTGHelp 2024-01-17T11:57:36Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/573356#M4838 <P>It depends on&nbsp;Microsoft Entra settings.</P> <P>&nbsp;</P> <P>In DUO SAML for example it is possible to configure if every application needs to be accepted with 2FA or any of them.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Raido_Rattameister_0-1705517453954.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56586iED053F9D9EA8B2CA/image-size/medium?v=v2&amp;px=400" role="button" title="Raido_Rattameister_0-1705517453954.png" alt="Raido_Rattameister_0-1705517453954.png" /></span></P> <P>&nbsp;</P> Wed, 17 Jan 2024 18:52:34 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/573356#M4838 Raido_Rattameister 2024-01-17T18:52:34Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/583370#M5243 <P>Hi,</P> <P>&nbsp;</P> <P>Did you find working solution for this kind of integration with SAML. I was able to create SAML for for Global Protect Portal and Clientless VPN. And now I want to create something similar with internal published application Guacamole with SAML, but is this possible at all, from the perspective of first SAML session of the login to GP Portal, then further use for internal published application?</P> <P>&nbsp;</P> <P>Regards,</P> <P>Matjaž</P> Thu, 11 Apr 2024 12:27:30 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-portal-and-saml-sso-and-application-sso/m-p/583370#M5243 matjazp 2024-04-11T12:27:30Z