topic User not in Allow list in General Topics https://live.paloaltonetworks.com/t5/general-topics/user-not-in-allow-list/m-p/248110#M70581 <P>Hello,</P><P>&nbsp;</P><P>We use SAML authentication profile. with PAN-OS 8.0.13 and GP 4.1.8.</P><P>&nbsp;</P><P>Followed the document below but getting error:&nbsp;SAML SSO authentication failed for user. Reason: User is not in allowlist.</P><P>&nbsp;</P><P><SPAN><A href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html" target="_blank">http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html</A></SPAN></P><P>&nbsp;</P><P>We have verified our settings as per the guide below and if we set allow list to "All" then it works fine.</P><P>&nbsp;</P><P><A href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail%3Fid%3DkA10g000000ClizCAC&amp;data=02%7C01%7Csupport-anz%40arrow.com%7C49adfb5688fa47dba56108d6866c73c2%7C0beb0c359cbb4feb99e5589e415c7944%7C1%7C0%7C636844197707427391&amp;sdata=ujlTXSn371v3%2F7LPNdqVRXlXqSDbDvpeApC%2FKSJD25I%3D&amp;reserved=0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClizCAC</A></P><P>&nbsp;</P><P>Any suggestion what we can check further?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Jan 2019 06:14:23 GMT FarzanaMustafa 2019-01-30T06:14:23Z User not in Allow list https://live.paloaltonetworks.com/t5/general-topics/user-not-in-allow-list/m-p/248110#M70581 <P>Hello,</P><P>&nbsp;</P><P>We use SAML authentication profile. with PAN-OS 8.0.13 and GP 4.1.8.</P><P>&nbsp;</P><P>Followed the document below but getting error:&nbsp;SAML SSO authentication failed for user. Reason: User is not in allowlist.</P><P>&nbsp;</P><P><SPAN><A href="http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html" target="_blank">http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html</A></SPAN></P><P>&nbsp;</P><P>We have verified our settings as per the guide below and if we set allow list to "All" then it works fine.</P><P>&nbsp;</P><P><A href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail%3Fid%3DkA10g000000ClizCAC&amp;data=02%7C01%7Csupport-anz%40arrow.com%7C49adfb5688fa47dba56108d6866c73c2%7C0beb0c359cbb4feb99e5589e415c7944%7C1%7C0%7C636844197707427391&amp;sdata=ujlTXSn371v3%2F7LPNdqVRXlXqSDbDvpeApC%2FKSJD25I%3D&amp;reserved=0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClizCAC</A></P><P>&nbsp;</P><P>Any suggestion what we can check further?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Jan 2019 06:14:23 GMT https://live.paloaltonetworks.com/t5/general-topics/user-not-in-allow-list/m-p/248110#M70581 FarzanaMustafa 2019-01-30T06:14:23Z Re: User not in Allow list https://live.paloaltonetworks.com/t5/general-topics/user-not-in-allow-list/m-p/248179#M70602 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/98673">@FarzanaMustafa</a></P> <P>&nbsp;</P> <P>You'll always need to add 'something' in the allow list. Okta appears to not have documented that properly.</P> <P>The step they propose where you open the advanced tab and then click 'ok' does not work anymore by the way, you now must click add and either choose a user, group or all before being able to click OK </P> <P>What version of PAN-OS are you on currently?</P> Wed, 30 Jan 2019 14:46:39 GMT https://live.paloaltonetworks.com/t5/general-topics/user-not-in-allow-list/m-p/248179#M70602 reaper 2019-01-30T14:46:39Z