1 user cannot authenticate to global protect

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

1 user cannot authenticate to global protect

L1 Bithead

I have global setup and running and we are using DUO access gateway SAML for authentication.

All of my users can login fine EXCEPT 1 user who successfully authenticates to duo, but then just gets an authentication failed message from our global protect.
The description in the auth fail on the monitor tab shows some weird SID looking string instead of his username.  I have a case open with palo alto, but they don't think it's a firewall issue.  However, when they were troubleshooting yesterday, the firewall kept saying his user account wasn't in the allow list of the authentication profile.  BUT the thing is that he IS in the group that we allow global protect access to.  I can login with my account, with a test account, and every other user can connect fine.

Anyone have any suggestions what is going on here.  My server admin says his duo account/info is all correct.  This worked fine last week and just stopped working monday.

authentication failed.jpgauthentication failed 2.JPG

  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!