02-05-2026 01:25 PM
Hello, I have set up GlobalProtect using AZURE SSO for the sign in and for group mapping I am using LDAP. However, in the GPSVC logs, I see users being returned as domain\\username
2 slashes. This is causing issues with users not being able to get a client config as I am putting users in specific subnets according to their AD membership.
The username attribute on the azure side is set to return
Join (user.netbiosname, "\", user.onpremisessamaccountname).
I have done this as the userid is expecting users to be returned as domain\username.
I confirmed in authd log and in the globalprotect client logs that there is only a single slash being returned by Azure. I am not sure where this extra slash is coming in from.
I have also confirmed in the auth profile looks fine.
I have a similar set up on a different firewall for GlobalProtect and that seems to be working fine.
What am I missing in the settings that is causing this extra slash? I attached the screenshot showing the attrib and claims setting from Azure/
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
