https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-into-globalprotect/m-p/595772#M5719 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/382974413">@A.Goble</a>,</P> <P>If you look at the Entra side of things there's a checkbox in the conditional access policy that will allow you to configure a policy specific to the application and require MFA with every authentication. You'll also want to set sign on frequency to whatever you feel is appropriate in that policy as well.</P> Fri, 23 Aug 2024 16:38:26 GMT BPry 2024-08-23T16:38:26Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-into-globalprotect/m-p/595769#M5717 <P>We started using SAML to authentication into GlobalProtect connected back through Entra. The problem is the user will be prompted to put in their windows credentials the first time they login, but say they disconnect and go to log back in to VPN it bypasses the step where they have to put in the credentials entirely and logs them in. How do we make the user manually enter their windows credentials every time they want to connect?</P> Fri, 23 Aug 2024 16:30:05 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-into-globalprotect/m-p/595769#M5717 A.Goble 2024-08-23T16:30:05Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-into-globalprotect/m-p/595772#M5719 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/382974413">@A.Goble</a>,</P> <P>If you look at the Entra side of things there's a checkbox in the conditional access policy that will allow you to configure a policy specific to the application and require MFA with every authentication. You'll also want to set sign on frequency to whatever you feel is appropriate in that policy as well.</P> Fri, 23 Aug 2024 16:38:26 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/saml-authentication-into-globalprotect/m-p/595772#M5719 BPry 2024-08-23T16:38:26Z