Clientless VPN portal and SAML SSO and Application SSO

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Clientless VPN portal and SAML SSO and Application SSO

L0 Member

Hi there, I wanted to check that possibly what I'm trying isn't actually going to work. Had a look around at people with simular issues on LDAP, but I thought using SAML would solve this ... but not!


What I'm trying to achieve here is SSO into the VPN portal and then into any applications that use the same SSO method (the method we are using is SAML via Microsoft Entra (365).


I have SAML SSO working as an auth profile for the Global Protect Portal... works perfectly. I have Applications (Guacamole, One Drive) that can be accessed via the VPN portal.. but the first time I access one of these I'm prompted again for My Microsoft sign in. If I then use any other Microsoft SSO app I'm not prompted.


Is this expected as there is no link between the outside "session" and the sessions inside the portal?.. Is this possible to achieve (no double login)?


Thanks in advance.


Cyber Elite
Cyber Elite

It depends on Microsoft Entra settings.


In DUO SAML for example it is possible to configure if every application needs to be accepted with 2FA or any of them.




Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!