I have global setup and running and we are using DUO access gateway SAML for authentication.
All of my users can login fine EXCEPT 1 user who successfully authenticates to duo, but then just gets an authentication failed message from our global protect.
The description in the auth fail on the monitor tab shows some weird SID looking string instead of his username. I have a case open with palo alto, but they don't think it's a firewall issue. However, when they were troubleshooting yesterday, the firewall kept saying his user account wasn't in the allow list of the authentication profile. BUT the thing is that he IS in the group that we allow global protect access to. I can login with my account, with a test account, and every other user can connect fine.
Anyone have any suggestions what is going on here. My server admin says his duo account/info is all correct. This worked fine last week and just stopped working monday.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!