We have a GP configuration with 8 GP Gateways and 2 of them are acting as a GP Portal for backup.
We are using SAML authentication with Azure and wanted to know how to you deploy GP with SAML authentication in large scale.
Currently I have configured 3 SAML apps on Azure one for each PA device but I think it is not the right configuration since now I am getting that each SAML App's domain need to be unique and the Portal domain is for example: vpn.company.com and I need to deploy it to 2 SAML Apps.
My assumptions are that because we only use SP Initiated SAML authentication meaning that the authentication process starts at the PA device I can just add all of the domains that are relevant on a single SAML App and install that Metadata file on all of the Pas. Am I right ?
Yes i've add both PA URL's in Azure in the same app, see below.
In our case we use an Azure Loadbalancer for the balanced portal configuration.
That portal points to the direct addresses of the firewall for the gateway connectivity.
The whole point of SSO/SAML is to use a single identity provider/authentication provider (Azure AD in this case) and have multiple serviceproviders (GP Portal and Gateways in this case) use it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!