Migrate GlobalProtect users from LDAP portal to SAML portal

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migrate GlobalProtect users from LDAP portal to SAML portal

L0 Member

Dear community,


Pleae could someone help with my GlobalProtect transition from LDAP to SAML ?


The SAML side of things has been setup and tested. I would now like to move from one portal and gateway (using LDAP auth) to new ones using SAML auth but I am struggling to see how to do this transparently for all our users with minimal disruption or manual intervention from IT.



Windows domain managed by GPOs.

Current portal & gateway IP: (LDAP auth)

New portal & gateway IP: (SAML auth using auth cookie)


I would like to push the new portal IPs to my GP clients and change the preference so the GP clients will use those new IPs automatically. As a result my users should automatically authenticate to the new SAMP portal and gateway.  


I'm struggling to achieve this. There is a reg key for Windows but that only defines the IP that you get when you install the GP client for for the first time. I won't change anything after the GP client has been installed. Am I missing anything?


I could push new client install from SCCM but again this will cause disruption and will only add a single IP from what I can tell.


Any advice would be much appreciated. I need to do this for over a 1000 users around the world.


Thank you


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!