06-02-2025 12:29 AM
Hello everyone!
I am deploying and operating SASE GlobalProtect using Strata Cloud Manager.
The problem that occurred is that some users are not redirected from the auth page that opens automatically after connecting to GlobalProtect.
The exact time of the failure is as follows.
Attempting to connect to GlobalProtect Agent to sase.company.com > Default browser opens entered cloud-auth.~.apps.paloaltonetworks.com/auth > The URL redirects to the SAML page of sase.company.com and should be authenticated with SAML, but it is not.
ERR_TIMED_OUT is displayed at cloud-auth.~.apps.paloaltonetworks.com/auth.
In SCM > Log viewer > GlobalProtect, the log that the user attempted to access is not visible.
Where should I check and how can I resolve this issue?
Thank you.
06-02-2025 06:51 AM
Any reason you're using the system browser instead of the embedded one? (id recommend the embedded one unless you really need the system browser)
The first place i'd look to troubleshoot this issue is the "reply URL" in your IdP to make sure it is pointing to the right URL
it looks like you're using the cloud identity engine auth, so verify the reply url you're using in your own IdP (azure, AWS, .....) to make sure it points to the right url for your CIE instance
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
