Global Protect and Azure SAML

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect and Azure SAML

L0 Member

Hi All

PA-VM running 11.0.02

Global Protect 6.2.0

 

After some advise/suggestions

 

We are rolling out Global Protect for the first time and getting some strange results

Portal and Gateway Configured to use Azure SAML in addition to this I have followed this article to try and make the whole process simple for users

 

Seamless SAML Authentication with default-browser for GlobalPro... - Knowledge Base - Palo Alto Netw...

 

Both our Azure MFA Sign-in Frequency and Authentication Override cookies are set to 1 hour.

 

On first login everything seems to work ok and if we attempt to disconnect and reconnect VPN within an hour everything seems to work fine and users can connect without needing to authenticate, however after that hour has passed (I assume the Azure cookie timestamps)  then the problems start and users get a mixture of issues - the most common one is Finding Best Gateway just sits there and you might get a second browser open (presumably from the Gateway) advising that authentication is successful and to "click here" to launch global protect but this works intermittently but most times Find Best Gateway just sits there...

 

Anyone setup Global Protect in this way or have any pointers appreciated

0 REPLIES 0
  • 227 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!