GP SSO SAML Azure AD - Microsoft SSO Login Page

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GP SSO SAML Azure AD - Microsoft SSO Login Page

L1 Bithead

Hi,

 

Why sometime we see the Microsoft SSO Login page requesting password ? 

 

Most of the time, this is seemless and transparent to user, and we do not have to enter username/password which show me that SSO is working great. However, like I said, sometime, we got the Microsoft SSO Login page requesting password.

 

I'm just wondering which cause the Microsoft Login page to request entering password during logon. 

 

 

1 REPLY 1

L2 Linker

Hi,

 

PanOS supports SP initiated authentication for SAML, so when the user authenticates to the idP, the client will hold an SSO cookie, to authenticate all subsequent connections, hence SSO will work. But if the Cookie expires from the idP side and/or login lifetime has expired on the firewall, then the user will be initiated to authenticate again. 

You can extend the login time from your idP side, as well as the firewall Login Lifetime on the gateway side. If both of these are extended, then the user should be able to authenticate for a longer period of time, but they will still be prompted to authenticate once the SSO session expires.  Currently, the GP client uses an embedded browser like IE for windows, and it can't use the SSO session from let's say Chrome browser, where the user might have already authenticated to the idp. 

Starting GP client 5.2, you will have the option to set a default browser for the user i.e. Chrome and it should allow GP client to use SSO session if the user has already authenticated to the idp. 

Let me know if that helps!

Thanks and stay safe

  • 3070 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!