https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-user-id-group-mapping/m-p/1228991#M6767 <P>Hi</P> <P>I have been struggling with an issue that I have seen many times with the GP user/group mapping when using two types of auth resources.</P> <P>We have are on-prem VPN portal/gateway using Azure SAML auth. Which is turn uses the upn for login (i.e <A href="mailto:username@domainname.com" target="_blank">username@domainname.com</A>). The firewall hosting the portal and gateway is using LDAP servers/userID agent servers.</P> <P>When trying to setup a unique gp portal agent profile that has different configuration setting and using the domain\username or domain\groupname, and even the upn <A href="mailto:user@domain.com," target="_blank">user@domain.com,</A>&nbsp;but when logging in the GP portal from the client, all authentication works however it does not match the specific new user agent profile that we created, it goes to the default agent profile. I have been working with support for 3 weeks with no resolution.&nbsp; Any help would be appreciated</P> Tue, 13 May 2025 20:01:34 GMT D.Maas 2025-05-13T20:01:34Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-user-id-group-mapping/m-p/1228991#M6767 <P>Hi</P> <P>I have been struggling with an issue that I have seen many times with the GP user/group mapping when using two types of auth resources.</P> <P>We have are on-prem VPN portal/gateway using Azure SAML auth. Which is turn uses the upn for login (i.e <A href="mailto:username@domainname.com" target="_blank">username@domainname.com</A>). The firewall hosting the portal and gateway is using LDAP servers/userID agent servers.</P> <P>When trying to setup a unique gp portal agent profile that has different configuration setting and using the domain\username or domain\groupname, and even the upn <A href="mailto:user@domain.com," target="_blank">user@domain.com,</A>&nbsp;but when logging in the GP portal from the client, all authentication works however it does not match the specific new user agent profile that we created, it goes to the default agent profile. I have been working with support for 3 weeks with no resolution.&nbsp; Any help would be appreciated</P> Tue, 13 May 2025 20:01:34 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-user-id-group-mapping/m-p/1228991#M6767 D.Maas 2025-05-13T20:01:34Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-user-id-group-mapping/m-p/1229637#M6788 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/299100937">@D.Maas</a> ,</P> <P>&nbsp;</P> <P>Please see this thread <A href="https://live.paloaltonetworks.com/t5/general-topics/configure-saml-for-globlaprotect-and-use-groups-to-filter/m-p/1226539#M123990" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/configure-saml-for-globlaprotect-and-use-groups-to-filter/m-p/1226539#M123990</A> and let me know if it fixes your issue.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Wed, 21 May 2025 18:00:58 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-and-user-id-group-mapping/m-p/1229637#M6788 TomYoung 2025-05-21T18:00:58Z