09-27-2022 04:37 AM
Dear community,
Pleae could someone help with my GlobalProtect transition from LDAP to SAML ?
The SAML side of things has been setup and tested. I would now like to move from one portal and gateway (using LDAP auth) to new ones using SAML auth but I am struggling to see how to do this transparently for all our users with minimal disruption or manual intervention from IT.
Example:
Windows domain managed by GPOs.
Current portal & gateway IP: 50.0.0.1 (LDAP auth)
New portal & gateway IP: 60.0.0.1 (SAML auth using auth cookie)
I would like to push the new portal IPs to my GP clients and change the preference so the GP clients will use those new IPs automatically. As a result my users should automatically authenticate to the new SAMP portal and gateway.
I'm struggling to achieve this. There is a reg key for Windows but that only defines the IP that you get when you install the GP client for for the first time. I won't change anything after the GP client has been installed. Am I missing anything?
I could push new client install from SCCM but again this will cause disruption and will only add a single IP from what I can tell.
Any advice would be much appreciated. I need to do this for over a 1000 users around the world.
Thank you
Michal
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
