This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Global Protect multiple VPN and multiple authentication methods

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect multiple VPN and multiple authentication methods

RickV2023
L1 Bithead

‎03-20-2023 07:06 AM

I Have question regarding GlobalProtect:

I have 1 Palo Alto with configured GlobalProtect. I would like to configure 2 profile, 1 for my internal users using SAML authentication,and another for vendors using  the local database. Similar to Cisco AnyConnect where  you can have a drop down list and pick the connection profile. 

Since i am using SAML authentication i know authenticaion sequence is not an option. 

 

Has anybody done such a setup and if so any suggestions would be appreciated. 

 

thanks

 

rick 

 

0 Likes Likes
2 REPLIES 2

kiwi
Community Team Member

‎03-21-2023 02:29 AM

Hi @RickV2023 ,

 

Can you make it work by setting up different agent configs and assign them to different groups which they apply to ?

 

As you pointed out you can't add SAML to an auth-sequence.  However, there's an existing feature request you can add your vote to.  Please reach out to your local SE and have him add your vote to FR# 8448 (Add SAML from Okta in Authentication Sequence ).

 

Kind regards,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

dishashah93
L1 Bithead

‎07-30-2024 10:36 PM

No, On Global protect portal and gateway Authentication tab, match only base on OS. The client authentication configurations with OS-specific configurations at the top of the list. The portal looks for a match starting from the top of the list. When it finds a match, it delivers the corresponding configuration to the app.


For example: 

Auth failed example :

  • Two Auth profiles with SAMl and local.

dishashah93_0-1722404143137.png

 





Based on the configuration, Firewall will match the first Any os device and not check the second Authentication.

In order to work this scenario, Change the one of the OS to Mac or any other possible OS device. If the Authentication profile is something other than the SAML, the best way is create the Auth sequence.

Note : Firewall does not support SAML Authentication on Auth Sequence. 

0 Likes Likes
  • 1964 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks