https://live.paloaltonetworks.com/t5/next-generation-firewall/chatgpt-enteprise-login-only/m-p/1248115#M6695 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/157358">@Sec101</a>&nbsp;I think, we can do it using header insertion. For this, you would need to decrypt the target URL traffic ( in this case, it will be chatGPT URL/s) and you need to follow correct header insertion so appropriate action can be taken. We have done this for O365, GitHub for personal accounts restrictions. I think, you should check with OpenAI support for getting your enterprise account slug/tenant details.&nbsp;<BR /><BR />Ref -<BR /><A href="https://docs.paloaltonetworks.com/ngfw/administration/app-id/http-header-insertion" target="_blank">Use HTTP Headers to Manage SaaS Application Access</A><BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VSRCA2&amp;lang=en_US%E2%80%A9" target="_blank">HTTP header insertion workaround for HTTP/2.0 SaaS applications - Knowledge Base - Palo Alto Networks</A><BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PM1sCAG&amp;lang=en_US%E2%80%A9" target="_blank">How to insert multiple domains in HTTP Header Insertion - Knowledge Base - Palo Alto Networks</A><BR /><BR /><BR /></P> Fri, 13 Feb 2026 08:56:49 GMT SutareMayur 2026-02-13T08:56:49Z https://live.paloaltonetworks.com/t5/next-generation-firewall/chatgpt-enteprise-login-only/m-p/1244265#M6543 <P>How are people policing logins to Chatgpt for enterprise only logins?<BR /><BR /><A href="https://help.zscaler.com/zia/adding-tenant-profiles" target="_blank">https://help.zscaler.com/zia/adding-tenant-profiles</A><BR /><BR />Zscaler does it.&nbsp; &nbsp;<BR /><BR />Palo does it for microsoft.....<BR /><BR />How are people doing this with decryption and Palos native app id, NOT the ACE subscription?<BR /><BR />Is this possible?</P> Fri, 19 Dec 2025 19:55:06 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/chatgpt-enteprise-login-only/m-p/1244265#M6543 Sec101 2025-12-19T19:55:06Z https://live.paloaltonetworks.com/t5/next-generation-firewall/chatgpt-enteprise-login-only/m-p/1248115#M6695 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/157358">@Sec101</a>&nbsp;I think, we can do it using header insertion. For this, you would need to decrypt the target URL traffic ( in this case, it will be chatGPT URL/s) and you need to follow correct header insertion so appropriate action can be taken. We have done this for O365, GitHub for personal accounts restrictions. I think, you should check with OpenAI support for getting your enterprise account slug/tenant details.&nbsp;<BR /><BR />Ref -<BR /><A href="https://docs.paloaltonetworks.com/ngfw/administration/app-id/http-header-insertion" target="_blank">Use HTTP Headers to Manage SaaS Application Access</A><BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VSRCA2&amp;lang=en_US%E2%80%A9" target="_blank">HTTP header insertion workaround for HTTP/2.0 SaaS applications - Knowledge Base - Palo Alto Networks</A><BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PM1sCAG&amp;lang=en_US%E2%80%A9" target="_blank">How to insert multiple domains in HTTP Header Insertion - Knowledge Base - Palo Alto Networks</A><BR /><BR /><BR /></P> Fri, 13 Feb 2026 08:56:49 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/chatgpt-enteprise-login-only/m-p/1248115#M6695 SutareMayur 2026-02-13T08:56:49Z