Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

SAML Authentication - Users not prompted for password or MFA

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SAML Authentication - Users not prompted for password or MFA

L0 Member

Hi all,

We've setup SAML / SSO and all works OK , however, when GlobalProtect starts, it automatically connects without asking for any creds. I'm assuming this is a result of the machine being joined to the same domain so the password is not needed. However, I'd like to configure it so that at least an MFA prompt occurs. 

 

Connecting on a non joined machine does exhibit this behavior. 

2 REPLIES 2

Cyber Elite
Cyber Elite

Hi @SethEfrat ,

 

When SAML/SSO does not prompt for creds or MFA, it is almost always an authentication cookie.  Check you IdP authentication cookie settings.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L2 Linker

This might be a known issue that is being addressed on PANOS 10.2.5 where addressed a situation where the firewall failed to appropriately initiate Single Log-out (SLO) towards the client, leading to the client's inability to trigger the SLO request towards the identity provider (IdP). Consequently, this led to the IdP not executing the SLO callback to the firewall for user removal.

Issue ID: PAN-213296

 

Can be found on PANOS 10.2.5 release notes:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-5-known-and-addressed...

Senior Network Security Engineer
PCNSE | CCNP | JNCIP
  • 2180 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!