https://live.paloaltonetworks.com/t5/general-topics/saml-integration-globalprotect-azure-ad-entraid-policy-based/m-p/1225867#M123899 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179185">@Metgatz</a>,</P> <P>Look into the Cloud Identity Engine, it's the answer to this exact problem. </P> Mon, 07 Apr 2025 21:52:25 GMT BPry 2025-04-07T21:52:25Z https://live.paloaltonetworks.com/t5/general-topics/saml-integration-globalprotect-azure-ad-entraid-policy-based/m-p/1225735#M123881 <P>SAML - Integration - Globalprotect Azure-AD-EntraID&nbsp; - Policy Based Groups Azure-AD for GP</P> <P>&nbsp;</P> <P>Hello Live community, how's it going? I hope it's going well.</P> <P>&nbsp;</P> <P>I have a question, today we have via GP the integration with Azure-AD Entra ID, via SAML, where everything works correctly.</P> <P>&nbsp;</P> <P>At the level of what is the assignment of groups, we already assigned several groups in the enterprise application, where you read who or who can log in via GP, now the big question.</P> <P>&nbsp;</P> <P>Is it feasible to make group based policies, ie:</P> <P>GP source zone - destination DMZ01 Azure Source Group: IT01</P> <P>I.e. Azure Group-AD<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="mailto:IT01@contoso.com" target="_blank" rel="noopener nofollow ugc">IT01@contoso.com</A><SPAN>&nbsp;</SPAN>, another with<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="mailto:SEC01@contos.com" target="_blank" rel="noopener nofollow ugc">SEC01@contos.com</A><SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="mailto:Infra@contoso.com" target="_blank" rel="noopener nofollow ugc">Infra@contoso.com</A>.</P> <P>&nbsp;</P> <P>This to avoid having to make policies, user, by user, to reach and filter the destinations.</P> <P>&nbsp;</P> <P>Is this feasible ?</P> <P>&nbsp;</P> <P><STRONG><EM>There is no AD-Onprem.</EM></STRONG></P> <P>&nbsp;</P> <P>Thank you I remain attentive</P> <P>&nbsp;</P> <P>Best regards</P> Fri, 04 Apr 2025 16:55:10 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-integration-globalprotect-azure-ad-entraid-policy-based/m-p/1225735#M123881 Metgatz 2025-04-04T16:55:10Z https://live.paloaltonetworks.com/t5/general-topics/saml-integration-globalprotect-azure-ad-entraid-policy-based/m-p/1225867#M123899 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179185">@Metgatz</a>,</P> <P>Look into the Cloud Identity Engine, it's the answer to this exact problem. </P> Mon, 07 Apr 2025 21:52:25 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-integration-globalprotect-azure-ad-entraid-policy-based/m-p/1225867#M123899 BPry 2025-04-07T21:52:25Z