Are special characters allowed in the email address of the users authenticating via 3rd party IDP?

Are special characters allowed in the email address of the users authenticating via 3rd party IDP?

550
Created On 02/26/25 11:46 AM - Last Modified 02/26/25 12:08 PM


Question


Are special characters allowed in the email address of the users authenticating via 3rd party IDP?

Environment


CSP

Third Party IdP

Answer


No, if your  email domain is configured / enabled for using your company’s local IDP to authenticate to PANW portals - there is  Okta    limitation with   SAML response decryption process.  

You can create and add the user with the special character in the email address but the user will get “ Error 400 Access Denied”  during  SSO login flow. 

The workaround :  assign the user with Domain Administrator role so the user is forced to authenticate using PANW SSO, in this case the special character in the email is accepted  .

 

Additional Information


How To Enable a Third-Party Identity Provider (IdP)

How to disable Third Party IDP (3IDP)

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HF7rCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail