The following problem:
A Sub-AD-Domain in a forest with different domains at samAccountName and userPrincipalName.
Dial-in with GlobalProtect via SAML with firstname.lastname@example.org.
PA recognizes user as email@example.com. All rules based on User-ID don't work, because PA can't recognize the user (logically) via the existing Group Mapping (User Domain = domain01):
My idea was to add another Group Mapping which additionally picks up the "domain02.com":
But unfortunately User-ID spins completely after that. Sometimes a user is recognized, sometimes not. Total chaos.
Does anyone know how to solve this?