07-17-2024 06:49 AM
Hello Community,
We have been working on changing out our local LDAP authentication to google SAML for our globalprotect login on both our gateway and portal. Authentication for the gateway works as intended but the portal auth refuses to complete. A successful handshake between google and the paloalto is made via the certificate and I can login with any user, but the portal connection fails to complete and a google 403 error (app_not_configured_for_user) appears (attached a screenshot for reference). The service has already been turned on within the google SAML app webpage for all users.
The encoded SAML request and response all match up. ACS and Entity IDs match with no deviations (ie no misplaced uppercase letters).
If it's any hint, the Test SAML Login option within the Google Admin SAML app page brings me to PaloAltos login page and allows me to use my proper google account, however I am greeted with a Paloalto page that says Authentication Failed (attached screenshot for splash page).
TAC said everything looks fine on the firewall side of things. Google support has been contacted but so far they haven't been very useful.
Has anyone else experienced this issue? Any advice would be greatly appreciated.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
