SAML ADFS for GlobalProtect


L0 Member

Hi,

Is someone able to shed some light on the below?

 

1. Can SAML be used to map to an LDAP group, if so is there guidance?
2. Does PAN support using SAML AND prelogon/alwayson with GP?

 

 

Thanks

 

 

2 REPLIES

L7 Applicator

This question was posted in the wrong area. 

I am moving this to the General Discussion area.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L7 Applicator

Hi @Kashif_Noor

 

Why don't you just try this to see if it works? Because I would be interested too 😉

 

But now something hopefully more helpful:

  1. As it is also possible with RADIUS, I assume that it will also work with SAML. But it's more of a two-way communication. One part is to have your firewall connect to your LDAP directory to get the group mappings and also to be able to use LDAP groups in your policy or in your GlobalProtect gateway. If you have configured SAML as authentication there, your IdP will tell the firewall which user just logged in, and the firewall is able to check which synchronized groups this user belongs to.
  2. For pre-logon you can only use a certificate profile, because at that stage the certificate is the only thing which is available without user interaction. But SAML can then be used afterwards for user login, as described somehow in point 1, to apply user/group-based policies/configurations.