GlobalProtect SAML Metadata
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect SAML Metadata

Hi Experts,


I have configured Azure SAML SSO for GlobalProtect. When I try to export Metadata from PaloAlto FW for global-protect service, there is a mandatory section to select which virtual system. But in my case, there is no virtual system to select from. I am not sure what's the issue. Any idea what's going on?


SAML metadata.PNG

Thanks for your help in advance!



I'm currently experiencing this on an on-premise PA-220 firewall. When you want to export the Metadata file from the firewall, the authentication profile is there already. However, clicking the VSYS drop-down gives no value and so the 'OK' button is greyed out.

Firewall is running PAN-OS 9.0.5.


Did you have to do anything else to export it successfully?

'vsys1' is supposed to show up as an option.

Did you try to type in `vsys1` manually to see if it lets you?

Just fyi, I have this working in an Azure environment, with a private IP on the virtual firewall in Azure, and didn't run into this problem... SAML works fine to Azure.

What firewall you running? can you share your configuration?



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!