10-04-2021 01:36 PM
I'm using Google as my IDP to authenticate access to Global Protect for the bulk of my users. I have a second gateway/portal that is just local users/groups and I have policies that restrict their access, and I want to mimic that with my main PortalGateway. Ideally I want to pass an attribute to PA that says this person gets this access. I am familiar with adding attribute fields on the IDP side. What I don't know is what is configurable on the PA side?
10-04-2021 07:08 PM
I'm not entirely clear on what you are actually attempting to accomplish here. What resources GlobalProtect uses receive should be done through the security rulebase, not through attributes.
10-05-2021 04:54 AM
Look at step 5 of this document, https://www.bitbodyguard.com/articles/palo-alto-networks/google-cloud-identity-as-saml-idp/. I want to use attributes to pass settings that are applied to the person logging in.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
