Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Change logo for Authentication Complete page

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Change logo for Authentication Complete page

L2 Linker

Hi,

We have PA-850 with globalprotect 5.2.

To make it more clear for our users we would like to customize the logo shown in the portal and whenever the user authenticates correctly. We are using Azure AD via SAML.

 

Currently we do have the default page (attachment).

 

Thanks a lot.

 

 

 



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
4 REPLIES 4

Hi @JoseCortijo ,

That is interesting... I haven't see such response page before, although we also use GP with SAML for one setup. When you receive this message - when user tries to open GP portal address with web browser or when user tries to connect with GP client?

 

In any case Device -> Response Pages is the only place where you can customize the response pages that FW is hosting. I don't see anything there looks like your screenshot. Have you try to edit "GlobalProtect Portal Login Page" and put a link for the log variable?

Hi @astard

yes, we use GlobalProtect with SAML. that page is the response the user receives once he successfully authenticates against azure AD. Then, the page executes a callback to the global protect client to complete the tunnel and the status "Connected" appears in the agent.

I added the logo and I imported the modified file. But now I am not sure if I should delete the previous one, they are both listed now with different locations. I could not find an explanation about that field in the official doc.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/device/device-response-pages

any idea what is the purpose of that?

 

Hi @JoseCortijo ,

You cannot delete/remove "predefined", if you have uploaded a custom one it will be used instead of the predefined.

 

I want to focus on what you said:

"that page is the response the user receives once he successfully authenticates against azure AD. Then, the page executes a callback to the global protect client to complete the tunnel and the status "Connected" appears in the agent"

 

Just to be completely clear:

1. You click on connect button on the GlobalProtect

2. Window pops up, prompting the user to authenticate.

3. If user has entered correct credentials, he will see the page from your first screenshot

4. After that GlobalProtect will connect and the browser window will close

 

I believe this page is actually served by Azure

L2 Linker

Hi @aleksandar.astardzhiev 

 

yes I can confirm all your assumptions. Your steps exactly describe the authentication workflow we have in place.

 

I also checked in Azure AD for response pages related to the globalprotect enterprise app but I did not find anything that could be customize.

 

 

 

  • 3668 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!