https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1251012#M126196 <P>What hardware device type is the user on?&nbsp; We have Windows, Mac, and iPad users in our environment.&nbsp; SAML auth for iPads isn't supported by Apple, but we're doing SAML with a cookie override for our Windows and Mac users and we're not having any issues.</P> <P>&nbsp;</P> <P>We don't "save credential" and our users never put a ID/PW in to the GP app.&nbsp; It's SSO essentially where the GP client transparently collects creds from the OS and SAML auths the user to Entra through CIE.&nbsp; With cookie auth in a given time period for secondary auth.</P> Thu, 26 Mar 2026 14:11:01 GMT Brandon_Wertz 2026-03-26T14:11:01Z https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1250983#M126195 <P>Dear community,</P> <P>&nbsp;</P> <P>In our globalprotect setup, we have client certificate authentication in the portal (transparent for user) and SAML authentication in the gateway<BR />We have enabled cookies in the gateway, so after first SAML authentication, the firewall won´t intitiate authentication again wile cookie lifetime is available.<BR />We have disabled single sign on in the application settings as well as “Save User Credentials” is set to yes.</P> <P>However this configuration seems not to work, the firewall asks for authentication after each Windows session resumes.</P> <P>&nbsp;</P> <P>Do you have any idea how to make SAML authentication works with cookies so it´s transperent for users after 1st successful authentication.</P> <P>&nbsp;</P> <P>Thanks in advance!</P> Thu, 26 Mar 2026 09:15:28 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1250983#M126195 Carracido 2026-03-26T09:15:28Z https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1251012#M126196 <P>What hardware device type is the user on?&nbsp; We have Windows, Mac, and iPad users in our environment.&nbsp; SAML auth for iPads isn't supported by Apple, but we're doing SAML with a cookie override for our Windows and Mac users and we're not having any issues.</P> <P>&nbsp;</P> <P>We don't "save credential" and our users never put a ID/PW in to the GP app.&nbsp; It's SSO essentially where the GP client transparently collects creds from the OS and SAML auths the user to Entra through CIE.&nbsp; With cookie auth in a given time period for secondary auth.</P> Thu, 26 Mar 2026 14:11:01 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1251012#M126196 Brandon_Wertz 2026-03-26T14:11:01Z https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1251013#M126197 <P>We have only windows machines.</P> Thu, 26 Mar 2026 14:11:00 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1251013#M126197 Carracido 2026-03-26T14:11:00Z https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1253354#M126361 <P><A href="https://live.paloaltonetworks.com/t5/general-topics/gp-with-saml-authentication-always-redirects-to-idp/td-p/1253343" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/gp-with-saml-authentication-always-redirects-to-idp/td-p/1253343</A></P> Thu, 30 Apr 2026 17:29:21 GMT https://live.paloaltonetworks.com/t5/general-topics/saml-authentication-with-cookies-won-t-work/m-p/1253354#M126361 TomYoung 2026-04-30T17:29:21Z