Cloud Identity Engine Authentication works fine for GlobalProtect(GP) portal but is failing for GP gateway

Cloud Identity Engine Authentication works fine for GlobalProtect(GP) portal but is failing for GP gateway

1062
Created On 10/24/22 06:47 AM - Last Modified 02/07/25 03:42 AM


Symptom


Authentication profile has been configured with Cloud Authentication service seems to be failing for GP gateway but works fine for GP portal.

Environment


  • Prisma Access
  • Supported PAN-OS
  • GlobalProtect (GP) PortalĀ 
  • GlobalProtect (GP) Gateway

Cause


"Use Default Browser for SAML Authentication" is set to no under GlobalProtect Portal app configuration.

Resolution


  1. Configure "Use Default Browser for SAML Authentication" to "yes" under portal app configuration.
  2. This is a required configuration for CIE authentication flow with portal/gateways.

Additional Information


Edit the default browser settings for the GlobalProtect app.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kEhvCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail