03-26-2026 02:15 AM
Dear community,
In our globalprotect setup, we have client certificate authentication in the portal (transparent for user) and SAML authentication in the gateway
We have enabled cookies in the gateway, so after first SAML authentication, the firewall won´t intitiate authentication again wile cookie lifetime is available.
We have disabled single sign on in the application settings as well as “Save User Credentials” is set to yes.
However this configuration seems not to work, the firewall asks for authentication after each Windows session resumes.
Do you have any idea how to make SAML authentication works with cookies so it´s transperent for users after 1st successful authentication.
Thanks in advance!
03-26-2026 07:07 AM - edited 03-26-2026 07:11 AM
What hardware device type is the user on? We have Windows, Mac, and iPad users in our environment. SAML auth for iPads isn't supported by Apple, but we're doing SAML with a cookie override for our Windows and Mac users and we're not having any issues.
We don't "save credential" and our users never put a ID/PW in to the GP app. It's SSO essentially where the GP client transparently collects creds from the OS and SAML auths the user to Entra through CIE. With cookie auth in a given time period for secondary auth.
04-30-2026 10:29 AM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
