GlobalProtect with SAML to Azure AD - selecting account when activating GP

L0 Member

Hello Community,

 

We've configured GP to authenticate via SAML to our Azure AD service so that we can use MFA on GP.

GP is only used by IT employees with their "admin" accounts.

So far, it seems to work fine how it's configured.

 

The only problem we are facing is that some users are not asked which Microsoft account they want to use in GP when they activate GP.

We don't want the "normal" corporate accounts to get used for GP, but on some machines, GP automatically selects their normal accounts when connecting the client, and the normal accounts don't have permissions to connect to GP.

Is there a way to "force" an account selection when connecting to GP or when authenticating to Azure via SAML? What could be the reason why some machines are automatically selecting an account and others are asking which account should be used for GP? Any Azure cookie or token lifetime?

 

Thanks in advance
