10-28-2024 06:09 AM
Hi, we are trying to configure the Panorama SAML authentication within our Okta tenant, and we couldn't get it done due to an invalid sign-in certificate in the "Authentication profile" section.
We have followed the following Palo Alto and Okta documents below, generated an authority certificate, and published it to the Okta app via the API call according to the Okta CSR generation process:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXP#:~:text=updated%20it%...
It seems like Palo Alto detects sign in certificates only if they are within a private key in the profile itself and not by request as Okta works (Every sign request generates a key)
I'm wondering how to make it work if we have a signed authority certificate that works great on Okta(the logs show it) but is not accepted by the Panorama console.
It would be great if someone who is familiar with the process could give us some insights about connecting the Panorama admin UI within Okta SAML.
Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
