Global Protect Azure AD MFA

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect Azure AD MFA

L3 Networker

I've recently setup and succesfully tested a new portal and gateway with Azure AD MFA and the global protect app.  Currently i can log into my iphone app and I receive the portal auth, (LDAP) and then get prompted for the Microsoft sign in followed by the MFA (SAML), in my case I'm utilizing the MS authenticator app.

 

All is good with this setup and configuration.  The problem I'm seeing now is I cannot authenticate with the portal address via the Web using the url for the portal or from the global protect app on my windows laptop.  Testing took place with the Global Protect iOS app.

 

GP logs are not showing me enough to break down what is occuring, AUTH failed, portal config is null, portal status is user authentication failed.  Monitor shows failed login, with "other" for auth method.

 

Let me know what you would like to see from my logs to troubleshoot.  I'm not seeing why this isnt working.  Perhaps some conditional access settings on the MS side.

 

GlobalProtect 

1 REPLY 1

L3 Networker

I made some progress on this.  First off, I made a mistake on the portal config.  I had it set to iOS only and have since switched to "any" OS.  Upon the commit I can now log into the portal via the web address.  Confirming my ability to authenticate with the portal via another method other than the iOS app.  I then moved on to the windows applicaiton.  It however is still giving me an error.  Currently getting error "failed to get client configuration".  Any thoughts?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!