Hi, I've been on hold for nearly 3hrs trying to get through to TAC after raising my L2 ticket online, the automated message told me I should try the live community 🙂 Since upgrading to 10.0 (aiming to get to 10.1.4) admins aren't able to login to Panorama to manage prisma access. Log shows: Authorization failed for user firstname.lastname@example.org via Web from 10.3X.XX.XX : Invalid configuration. No ado/role found email@example.com 03/30 02:35:19 SAML SSO authenticated for user 'firstname.lastname@example.org . auth profile 'Okta-MGMT-Profile', vsys 'shared', server profile 'Okta-management-SAML', IdP entityID 'http://www.okta.com/XXXXXXXX', From:10.3X.XX.XX 03/30 02:35:19 The users have dynamic "super user" role assigned. I'm not sure what "ado" means in the above log but it seems like SAML is authenticating successfully. Any help appreciated.
... View more