Configure Palo Alto Cloud Identity Engine authentication with Azure SAML to connect to GP VPN

  • Published: 16 Sep 2024

Comments • 28

  • @lyb777 1 year ago

    That's exactly what I was looking for. Thank you!

  • @NeetuSaini-jm5zf 2 months ago

    Exactly, that's what I was looking for. Thanks!!

  • @Eminchm 1 year ago

    It works 😊 I did it today! Thanks a lot to you!

    • @techfrapi 1 year ago +1

      I am glad you managed to get it to work. Good job.

    • @techfrapi 1 year ago +1

      What was the issue?

    • @Eminchm 1 year ago

      @techfrapi the issue was that authentication couldn't find users in the Azure profile. I added them like domain\username; it could understand them after I added them like user@domainname.

    • @Eminchm 1 year ago

      @techfrapi because I didn't select all users, I added some for testing manually

  • @Eminchm 1 year ago

    Did you install and use the Cloud Identity Agent on a Windows machine? Or must it work without an installed agent?

    • @techfrapi 1 year ago

      You don't need to install CIE on your PC.

  • @Eminchm 1 year ago

    Bro, I have one more question))) If I have more than 1 NGF Palo Alto with different configs, can I create/use a different API on Azure for each NGF? Because 1 of them has a redirect port forward from 443 to 7755 to the portal/gateway, another works with 443... What do you recommend? A separate API for each hardware NGF, or one universal API for all?

    • @Eminchm 1 year ago +1

      It also works with the redirect port, with the same API & profile👍 Just tested it today.

    • @techfrapi 1 year ago +1

      One API is fine. I have done many firewalls with one, as I need all of them to have access to the same Azure AD.

  • @bachtiaradiguna7057 1 year ago

    Dear Tech Frapi, do you mind sharing which GP version that is? I have 6.1.1 but there's no Sign out button on the bottom left 😂 11:22
    Many thanks

    • @techfrapi 1 year ago

      You might have configured always-on, and that's why you don't have a sign out. Please check and let me know.
      If that's not the case, I will have a look.

  • @imtiyazhassan5398 1 year ago

    For CIE we don't require a SAML identity provider

  • @Eminchm 1 year ago

    I have success in the log viewer on the hub portal, and an authentication error page from the firewall after successfully signing in with multifactor auth(((

    • @techfrapi 1 year ago

      Check if you have multifactor enabled in Azure.

  • @Eminchm 1 year ago

    Hello good man))) Thank you for this guide. I did all of this step by step, but in the end I got an error when GlobalProtect opens its browser for the Azure sign-in: it signs in, but GP can't connect, and it's trying and trying but not connecting(((

    • @techfrapi 1 year ago

      What OS of PA do you use? Also, it is very important to choose Single sign on (windows) NO, and Default browser for SAML auth ON.

    • @Eminchm 1 year ago

      @techfrapi one note: we have a redirect in the NAT rule and policy from port 443 to port 7755

    • @Eminchm 1 year ago

      @techfrapi we use PA-820, Software Version 10.2.0, GlobalProtect Agent 6.1.0. I have changed Single sign on (windows) to NO, and Default browser for SAML auth to ON

    • @techfrapi 1 year ago

      @Eminchm Did you redirect your GP to use 7755?

    • @Eminchm 1 year ago

      @techfrapi only in Palo Alto