Panorama admin UI - Okta SAML

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Panorama admin UI - Okta SAML

L0 Member

Hi, we are trying to configure the Panorama SAML authentication within our Okta tenant, and we couldn't get it done due to an invalid sign-in certificate in the "Authentication profile" section.

 

We have followed the following Palo Alto and Okta documents below, generated an authority certificate, and published it to the Okta app via the API call according to the Okta CSR generation process:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXP#:~:text=updated%20it%...

 

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-Admin-UI.html?b...

 

It seems like Palo Alto detects sign in certificates only if they are within a private key in the profile itself and not by request as Okta works (Every sign request generates a key)

 

I'm wondering how to make it work if we have a signed authority certificate that works great on Okta(the logs show it) but is not accepted by the Panorama console.

 

It would be great if someone who is familiar with the process could give us some insights about connecting the Panorama admin UI within Okta SAML.

 

Thanks!

 

0 REPLIES 0
  • 290 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!