
Cloud Identity Engine - Multi Auth Profile

L1 Bithead

Hello All.

Have a very simple thing I am trying to do, but as ever things are not so simple with Palo.

I'm using Prisma SASE, and the focus of this question is Cloud ID Engine & GlobalProtect.

We are AAD only with no on-premise resources.

I currently use Azure AD as my IdP and all is well with it.

The problem happens when I need to add a second Azure AD for a company we are working with.

Should be as simple as creating a SEQUENCE auth policy; trouble is, this does not work if you are using SAML.

I have set up the required Enterprise Application - CIE - Authentication.

The way I am told to go is to use a MULTI profile in CIE that points to the two AAD IdPs.

I have tested both AAD IdPs in CIE independently and they both work OK.

When I set them up using a MULTI auth profile in CIE it all goes wrong.

Firstly, the MULTI profile attempts to connect against BOTH IdPs, which involves multiple authentication attempts to what seems a proxy Palo Alto portal,

https://cloud-auth.de.apps.paloaltonetworks.com/sp/acs

It just does not work. The only other way is to join the AADs together, but I am loath to do this as Palo does say it works with a multi profile. Anyone done this?
