topic Global Protect with SAML authentication from Azure on multiple Portals in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-with-saml-authentication-from-azure-on-multiple/m-p/383898#M882 <P>Hi Everyone!</P><P>&nbsp;</P><P>Im not sure if this is more a Global Protect or Pan-OS topic, but here goes:</P><P>&nbsp;</P><P>Our setup: I have implemented SAML authentication with our PanOS devices to be used on Global Protect. It works great,</P><P>our corporate laptops authenticate with certificate + SAML, but now I want to have the same SAML authentication on another</P><P>portal that is intended to be used for BYOD devices. That portal is configured to allow only one type of auth, in this case - SAML.</P><P>&nbsp;</P><P>The problem: With the default/documentation SAML setup, after authenticating on Azure SSO, the redirect goes to the first portal,</P><P>the one meant for corporate laptops, that has certificate + SAML, and obviously that fails for BYOD devices with the missing certificate error. Is there a way to configure it so, that multiple reply URLs can be used? So it redirects to the correct portal?&nbsp;</P><P>I know Azure SSO supports idp-initiated sso, but how to use it with Pan-OS?</P><P>&nbsp;</P><P>Any ideas are appreciated</P> Thu, 04 Feb 2021 16:25:22 GMT mdsgn1 2021-02-04T16:25:22Z Global Protect with SAML authentication from Azure on multiple Portals https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-with-saml-authentication-from-azure-on-multiple/m-p/383898#M882 <P>Hi Everyone!</P><P>&nbsp;</P><P>Im not sure if this is more a Global Protect or Pan-OS topic, but here goes:</P><P>&nbsp;</P><P>Our setup: I have implemented SAML authentication with our PanOS devices to be used on Global Protect. It works great,</P><P>our corporate laptops authenticate with certificate + SAML, but now I want to have the same SAML authentication on another</P><P>portal that is intended to be used for BYOD devices. That portal is configured to allow only one type of auth, in this case - SAML.</P><P>&nbsp;</P><P>The problem: With the default/documentation SAML setup, after authenticating on Azure SSO, the redirect goes to the first portal,</P><P>the one meant for corporate laptops, that has certificate + SAML, and obviously that fails for BYOD devices with the missing certificate error. Is there a way to configure it so, that multiple reply URLs can be used? So it redirects to the correct portal?&nbsp;</P><P>I know Azure SSO supports idp-initiated sso, but how to use it with Pan-OS?</P><P>&nbsp;</P><P>Any ideas are appreciated</P> Thu, 04 Feb 2021 16:25:22 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-with-saml-authentication-from-azure-on-multiple/m-p/383898#M882 mdsgn1 2021-02-04T16:25:22Z