Cloud Identity Engine - Multi Auth Profile


L1 Bithead

Hello all.

I have a very simple thing I am trying to do, but as ever things are not so simple with Palo.

I'm using Prisma SASE, and the focus of this question is Cloud ID Engine & Global Protect.

We are AAD only, with no on-premise resources.

I currently use Azure AD as my IDP and all is well with it.

The problem happens when I need to add a second Azure AD for a company we are working with.

It should be as simple as creating a SEQUENCE auth policy; the trouble is, this does not work if you are using SAML.

I have set up the required Enterprise Application - CIE - Authentication.

The way I am told to go is to use a MULTI profile in CIE that points to the two AAD IDPs.

I have tested both AAD IDPs in CIE independently and they both work OK.

When I set them up using a MULTI auth profile in CIE, it all goes wrong.

Firstly, the MULTI profile attempts to connect against BOTH IDPs, which involves multiple authentication attempts to what seems a proxy Palo Alto portal,

https://cloud-auth.de.apps.paloaltonetworks.com/sp/acs

It just does not work. The only other way is to join the AADs together, but I am loath to do this as Palo does say it works with a multi profile. Anyone done this?

 

 

 
