06-23-2020 08:43 PM
Hello,
We're currently implementing GlobalProtect with SAML Authentication to AzureAD only (no hybrid) based on groups for easier management.
Example:
Group1 is given an IP_Pool1 IP with access to subnet 1
Group2 is given an IP_Pool2 IP with access to subnet 1 and 2
As of today, we didn't find any way to do it properly and from what we've seen online it may not be supported at all without any third party or on-prem AD.
Did any of you run into that issue before and did you find the solution?
Thanks.
09-23-2021 06:48 PM
Hello @TomYoung,
We're not yet using PANOS 10.X but we will take a look - thanks.
We ended up doing what @Tony_Ellis mentioned - AzureAD/SAML for Authentication & MFA and AD on-premise for group mapping. AzureAD information is synced from our AD on-premise to ease the user onboarding process.
Best,