I use a GlobalProtect VPN and have been having an issue logging in recently. The GlobalProtect VPN normally would prompt me with an Office 365 page to specify which account I want to login with but that no longer appears and will automatically use my windows account. I am getting the error message that states "The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account". I have tried just about everything I can think of to resolve this and even tried on a different computer and get the same error. I have uninstalled it completely cleaning the leftover folders and registry items, reinstalled it with the single sign-on switch set to off, cleared my credential manager, cleared my internet cache, imported the program files of a known working machine, and imported the registry entries from a known working machine. The only thing these two machines have in common is that I have signed into office with the same account. Any help is appreciated!
Have you tried logging out of other MS accounts?
Go to Start, type "Email and accounts" click on an active account -> manage and then sign out.
After that try signing in to GlobalProtect VPN.
I encountered the same issue for a couple of users, but I can not figure out the randomness of this problem occurring..
Initially, it was prompting for credential details and working fine. after a set of software was installed(win10) it stopped prompting and taking different credentials on its own instead of asking for credentials and GP was unsuccessful in connecting to VPN.
In my case, GP was using the user credential of VisualStudio login details (which was one of the software I installed) and trying to connect to GP and failed. I uninstalled visual studio (including registry cleanup using software like Revo uninstaller), rebooted the machine.
After that GP was prompting for Credential and successful in connecting.
I'm just contributing to this topic, as my issue is similar: I'm a GlobalProtect end-user and during every connection attempt, I'm prompted 2 to 5 times for my Microsoft account (I guess it's an AD in the end). The problem seems to be, that I'm using multiple MS "company or school" accounts on my machine, not just the one with my employer (which I am legally allowed to do). I addressed this issue to our IT team, but the only information they come up with is "delete the other accounts"... My question now: Isn't there any other way to select the "right" MS account once and for all? MS Office applications (for example) can also use just that one account until I explicitly log out - can't GlobalProtect do the same?
Thanks for any help with this!
I had the same issue when one of my customer added MFA. The GlobalProtect client seems to switch to browser login. It uses the good-old IE11 settings. Mine IE11 automatically tried to sign in with my windows credentials (azure AD).
To confuse GlobalProtect client: give it more that one account to choose from,
1. open IE11
2. log in to https://office.com (automatically logs in with your windows creds.
3. sign out. You are redirected to https://www.office.com/. click [sign in]. Enter the other account, domain and password.
Now when GlobalProtect will ask with which of these two accounts to connect or use another
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!