To Integrate Okta with SAML on Palo Alto Firewalls.
Environment
Palo Alto Firewalls
PAN-OS v 8.1 and above
OKTA SAML Integration
Procedure
Okta has published a few SAML Applications.
The Palo Alto Networks next-generation firewall can act as the service provider for the following end points:
Admin UI of Firewall/Panorama
Captive Portal
GlobalProtect Portal
GlobalProtect Gateway
Clientless SSL VPN
(Note: When you have self signed Certificate from IDP, you won't be able to enable Validate Identity Provider Certificate. Please make sure that you are on PAN-OS 8.1.15, 9.0.9, 9.1.3 or later to mitigate exposure to https://security.paloaltonetworks.com/CVE-2020-2021).