- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
1 user cannot authenticate to global protect
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- 1 user cannot authenticate to global protect
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
1 user cannot authenticate to global protect
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2019 10:04 AM
I have global setup and running and we are using DUO access gateway SAML for authentication.
All of my users can login fine EXCEPT 1 user who successfully authenticates to duo, but then just gets an authentication failed message from our global protect.
The description in the auth fail on the monitor tab shows some weird SID looking string instead of his username. I have a case open with palo alto, but they don't think it's a firewall issue. However, when they were troubleshooting yesterday, the firewall kept saying his user account wasn't in the allow list of the authentication profile. BUT the thing is that he IS in the group that we allow global protect access to. I can login with my account, with a test account, and every other user can connect fine.
Anyone have any suggestions what is going on here. My server admin says his duo account/info is all correct. This worked fine last week and just stopped working monday.
- Global Protect pre-logon and user IP Pools in General Topics
- Connect to (2) different PAN environments at the same time in GlobalProtect Discussions
- Global Protect Enforcement Bypass in General Topics
- Setting up pre-login. Second Gateway totally necessary? in GlobalProtect Discussions
- Global Protect saml autentication and azure ad configuration? in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
