Hello All.
I have a very simple thing I am trying to do, but as ever, things are not so simple with Palo.
I'm using Prisma SASE, and the focus of this question is Cloud ID Engine & Global Protect.
We are AAD only, with no on-premise resources.
I currently use Azure AD as my IDP and all is well with it.
The problem happens when I need to add a second Azure AD for a company we are working with.
It should be as simple as creating a SEQUENCE auth policy; trouble is, this does not work if you are using SAML.
I have set up the required Enterprise Application - CIE - Authentication.
The way I am told to go is to use a MULTI profile in CIE that points to the two AAD IDPs.
I have tested both AAD IDPs in CIE independently and they both work OK.
When I set them up using a MULTI auth profile in CIE, it all goes wrong.
Firstly, the MULTI profile attempts to connect against BOTH IDPs, which involves multiple authentication attempts to what seems a proxy Palo Alto portal.
It just does not work. The only other way is to join the AADs together, but I am loath to do this as Palo does say it works with a multi profile. Anyone done this?