Browser behavior when using SAML authentication with GlobalProtect

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Browser behavior when using SAML authentication with GlobalProtect

L1 Bithead

We recently changed from using our internal AD for authentication to GP external portal/gateway to using SAML authentication with MFA using Azure AD.


The testing for company users was fairly consistent but involves a lot of browser activity (prompt for AD creds, MFA prompt and two GP prompts). After a few successful logins this process usually gets a little bit easier as information is cached.


When we began testing with outside suppliers we ran into an issue since their browser is rarely associated to the credentials that we have given them. So when they click connect in the GP client their browser will typically try to use some other credential, and it's hard to troubleshoot this remotely.


Has anyone else run into this issue using the GP client, and if so did you find any way to make it more consistent?




L3 Networker

Hi @JackTrainor,


Did you set the GP App Configurations - Use Default Browser for SAML Authentication, to Yes?

If you set this option to No, then you can minimize the dependency on web browsers since this setting uses the GP-embedded browser.


Hope this helps,


"The Simplicity is the ultimate sophistication." - Leonardo da Vinci.

We did test both ways (embedded vs. default browser), but it didn't help in this case. If the wrong username gets associated with the browser then it tends to use that name, error out and not show the user what happened. The browser's default behavior seems to be to cache everything.


There are some advantages to using the embedded browser after the user has logged in successfully (less browser windows appear). However, if you have users with mobile devices then the behavior becomes less predictable. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!