GlobalProtect fails with "connection failure" when changing GP Portal while using SSO

Created On 03/07/23 09:53 AM - Last Modified 04/22/24 07:02 AM


Symptom


  • SSO (single sign-on) is used to connect to Portal1.
  • When the portal is changed to Portal2, the same SSO credentials are used on the second portal.
  • If the SSO user is not allowed to log in to Portal2, the GlobalProtect client displays the error message "Connection failed: You are not authorized to connect to GlobalProtectPortal".

 



Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • GlobalProtect Portal
  • Single sign-on (SSO) enabled


Cause


This is the default behavior of GlobalProtect when SSO is enabled: the client reuses the same SSO credentials when the portal is changed.



Resolution


  1. The workaround is to disable single sign-on (SSO).
  2. If the feature is required, submit a feature request with the account team.

Note: If SSO is left enabled, make sure to log the user out of Portal1 before logging in to Portal2 with the new user.


Additional Information


Connection to Portal1 (10.46.42.203):
(P2760-T4068)Debug(9088): 03/07/23 00:52:18:948 ----Portal Login starts----
(P2760-T4068)Debug(8122): 03/07/23 00:52:18:948 User name for cached portal confg: user1
...
(P2760-T4068)Debug(2257): 03/07/23 00:52:18:948 Unserialized non-empty cookie for portal 10.46.42.203 and pre-logon user.
...
(P2760-T4068)Dump (9197): 03/07/23 00:52:18:948 Login...
(P2760-T4068)Dump (9223): 03/07/23 00:52:18:948 pszPortalString = 000002CE4AFCFC90, new char[868];
(P2760-T4068)Debug(9231): 03/07/23 00:52:18:948 m_szDomainAndUsername is user1
(P2760-T4068)Debug(13642): 03/07/23 00:52:18:948 Portal auth method: credential, auth src: SSO <-----

Connection to Portal2 (10.46.36.203):
(P2760-T4068)Debug(9088): 03/07/23 00:52:23:932 ----Portal Login starts----
(P2760-T4068)Debug(8122): 03/07/23 00:52:23:932 User name for cached portal confg: user1
...
(P2760-T4068)Debug(2257): 03/07/23 00:52:23:932 Unserialized empty cookie for portal 10.46.36.203 and pre-logon user.
...
(P2760-T4068)Dump (9197): 03/07/23 00:52:23:932 Login...
(P2760-T4068)Dump (9223): 03/07/23 00:52:23:932 pszPortalString = 000002CE4A2C5BC0, new char[479];
(P2760-T4068)Debug(9231): 03/07/23 00:52:23:932 m_szDomainAndUsername is user1
(P2760-T4068)Debug(13642): 03/07/23 00:52:23:932 Portal auth method: credential, auth src: SSO 
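
To confirm this symptom in a collected client debug log, the following added example (not Palo Alto Networks code) parses lines in the format of the excerpt above and reports consecutive portal logins where SSO presented the same username to a different portal. The function names are hypothetical, and the sample lines are copied from the excerpt and trimmed.

```python
import re

# Sample input: lines copied from the debug excerpt above, trimmed to the fields used.
SAMPLE_LOG = """\
(P2760-T4068)Debug(9088): 03/07/23 00:52:18:948 ----Portal Login starts----
(P2760-T4068)Debug(2257): 03/07/23 00:52:18:948 Unserialized non-empty cookie for portal 10.46.42.203 and pre-logon user.
(P2760-T4068)Debug(9231): 03/07/23 00:52:18:948 m_szDomainAndUsername is user1
(P2760-T4068)Debug(13642): 03/07/23 00:52:18:948 Portal auth method: credential, auth src: SSO
(P2760-T4068)Debug(9088): 03/07/23 00:52:23:932 ----Portal Login starts----
(P2760-T4068)Debug(2257): 03/07/23 00:52:23:932 Unserialized empty cookie for portal 10.46.36.203 and pre-logon user.
(P2760-T4068)Debug(9231): 03/07/23 00:52:23:932 m_szDomainAndUsername is user1
(P2760-T4068)Debug(13642): 03/07/23 00:52:23:932 Portal auth method: credential, auth src: SSO
"""

PREFIX = re.compile(r"^\(P\d+-T\d+\)\w+\s*\(\d+\): (\S+ \S+) (.*)$")
COOKIE = re.compile(r"Unserialized (non-empty|empty) cookie for portal (\S+)")
USER = re.compile(r"m_szDomainAndUsername is (\S+)")
AUTH = re.compile(r"Portal auth method: (\w+), auth src: (\w+)")

def parse_logins(text):
    """Return one dict per '----Portal Login starts----' block."""
    logins = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # skip '...' elisions and anything that is not a log line
        ts, msg = m.groups()
        if "Portal Login starts" in msg:
            logins.append(dict(time=ts, portal=None, cookie=None, user=None, auth_src=None))
        elif logins:
            cur = logins[-1]
            if c := COOKIE.search(msg):
                cur["cookie"], cur["portal"] = c.groups()
            elif u := USER.search(msg):
                cur["user"] = u.group(1)
            elif a := AUTH.search(msg):
                cur["auth_src"] = a.group(2)
    return logins

def sso_portal_switches(logins):
    """Consecutive login pairs where SSO presented the same user to a different portal."""
    return [(a, b) for a, b in zip(logins, logins[1:])
            if a["portal"] and b["portal"] and a["portal"] != b["portal"]
            and b["auth_src"] == "SSO" and a["user"] == b["user"]]

if __name__ == "__main__":
    for first, second in sso_portal_switches(parse_logins(SAMPLE_LOG)):
        print(f'{second["time"]} {second["user"]}: {first["portal"]} -> {second["portal"]} '
              f'via SSO, cookie {second["cookie"]}')
```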

 


