GlobalProtect with SAML to Azure AD - selecting account when activating GP


Hello Community,


We've configured GP to authenticate via SAML to our Azure AD service so that we can use MFA on GP.

GP is only used by IT employees with their "admin" accounts.

So far, it seems to work fine how it's configured.


The only problem we are facing is that some users are not asked which Microsoft account they want to use in GP when they activate GP.

We don't want the "normal" corporate accounts to get used for GP, but on some machines, GP automatically selects their normal accounts when connecting the client, and the normal accounts don't have permissions to connect to GP.

Is there a way to "force" an account selection when connecting to GP or when authenticating to Azure via SAML? What could be the reason why some machines are automatically selecting an account and others are asking which account should be used for GP? Any Azure cookie or token lifetime?


Thanks in advance
