05-16-2023 12:01 AM
Hi Team,
We have implemented SAML authentication for GP users. Since then the Source User logs are being seen as email IDs and not with the SAMACCOUNTNAME. So the rules implemented with the LDAP user groups are not working. Is there any way we can get this sorted?
Regards,
Sanjay S
05-16-2023 04:20 AM - edited 05-16-2023 12:48 PM
Hi @Sanjay_Ramaiah ,
What do you have configured for your Primary Username under Device > User Identification > Group Mapping Settings > User and Group Attributes?
That should fix the problem. If not, there are a couple of other options:
Thanks,
Tom
Edit: Forgot to post URL -> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/user-identification/device-us....
05-17-2023 12:30 AM
Thank you very much Tom for your reply.
In the Group Mapping we have configured the Server Profile with the Primary Username as SAMACCOUNTNAME itself. After we started using SAML it no longer checks the Group Mappings, right? So now we are facing this issue.
As you suggested, we will check at the SAML Provider end to see if we can make some changes. Will keep this chain updated. Thanks again 🙂
05-17-2023 02:59 AM
Hi @Sanjay_Ramaiah ,
If you change the Primary Username to userPrincipalName, then it will list the group members in UPN format. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CpgcCAC&lang=en_US%E2%80%A... The users in the group will match your SAML format.
Maybe you cannot do that because you have other User-ID sources currently working with group mapping. If this is the case, you are on the right track to get your usernames standardized in the right format.
Thanks,
Tom
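The mismatch Tom describes can be reproduced offline. The following is an added example, not code from the thread or from Palo Alto Networks: it takes a small constructed set of directory entries, builds the group membership list the way the firewall would under a given Primary Username attribute, and then checks whether a group-based rule would match a user whose Source User value arrives in the SAML format. The NetBIOS domain name, the directory entries and the case-insensitive comparison are all assumptions made for the example. It also covers the caveat a practitioner runs into after switching to userPrincipalName: if the SAML username is the mail attribute and a user's UPN suffix differs from their mail domain (common where a custom UPN suffix is in use), that user still will not match, so the audit reports them separately.

```python
"""
Constructed example: why User-ID group-mapping rules stop matching after SAML
authentication, and how the Primary Username attribute choice affects the match.
All directory entries below are made up for illustration.
"""
from typing import Dict, List, Set, Tuple

# Constructed entries standing in for what an LDAP server profile would return.
# asmith's UPN suffix (corp.local) differs from the mail domain (corp.example),
# which is common when a custom UPN suffix has been configured in AD.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example",
     "mail": "jdoe@corp.example", "memberOf": ["GP-Users"]},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.local",
     "mail": "asmith@corp.example", "memberOf": ["GP-Users", "Admins"]},
    {"sAMAccountName": "bwong", "userPrincipalName": "bwong@corp.example",
     "mail": "bwong@corp.example", "memberOf": ["Contractors"]},
]

# Assumed NetBIOS domain that the firewall prefixes to sAMAccountName values.
NETBIOS_DOMAIN = "CORP"


def build_group_mapping(directory: List[dict], primary_attr: str) -> Dict[str, Set[str]]:
    """Return group -> set of member usernames, in the format that the chosen
    Primary Username attribute produces (domain\\user for sAMAccountName,
    the raw attribute value otherwise)."""
    groups: Dict[str, Set[str]] = {}
    for entry in directory:
        if primary_attr == "sAMAccountName":
            name = f"{NETBIOS_DOMAIN}\\{entry['sAMAccountName']}"
        else:
            name = entry[primary_attr]
        for group in entry["memberOf"]:
            groups.setdefault(group, set()).add(name.lower())
    return groups


def rule_matches(groups: Dict[str, Set[str]], group: str, source_user: str) -> bool:
    """Does a rule whose source-user field is `group` match a log entry whose
    Source User is `source_user`? Assumed case-insensitive for this example."""
    return source_user.lower() in groups.get(group, set())


def audit(directory: List[dict], primary_attr: str, saml_attr: str,
          group: str) -> Tuple[List[str], List[str]]:
    """For every directory user in `group`, simulate a SAML login whose username
    is the user's `saml_attr` value and report who would match a rule using
    that group and who would not."""
    groups = build_group_mapping(directory, primary_attr)
    matched: List[str] = []
    unmatched: List[str] = []
    for entry in directory:
        if group not in entry["memberOf"]:
            continue
        saml_user = entry[saml_attr]
        if rule_matches(groups, group, saml_user):
            matched.append(saml_user)
        else:
            unmatched.append(saml_user)
    return matched, unmatched


if __name__ == "__main__":
    # SAML sends the mail attribute; group mapping still keyed on sAMAccountName.
    print("sAMAccountName + SAML(mail):", audit(DIRECTORY, "sAMAccountName", "mail", "GP-Users"))
    # Primary Username switched to UPN; users whose UPN differs from mail still fail.
    print("userPrincipalName + SAML(mail):", audit(DIRECTORY, "userPrincipalName", "mail", "GP-Users"))
    # Both sides standardised on UPN: everyone in the group matches.
    print("userPrincipalName + SAML(UPN):", audit(DIRECTORY, "userPrincipalName", "userPrincipalName", "GP-Users"))
```

Running the script shows the three situations in the thread in order: nobody matches while group mapping is keyed on sAMAccountName, most users match once Primary Username is userPrincipalName, and only a consistent attribute on both the IdP and the group-mapping side gives a full match. The unmatched list from the second run is exactly the set of accounts to check before relying on the change.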