Prisma Cloud: Multiple users are not able to access their tenant via SSO
Created On 03/30/22 19:37 PM - Last Modified 10/26/22 18:40 PM
Symptom
Users whose IdP (Identity Provider) Entity ID and Assertion Consumer Service (ACS) URL contained “redlock.io” were impacted by a change made in the backend. View our release notes for reference.
Environment
- Prisma Cloud
- Identity Provider (IdP)
- Single Sign On (SSO)
Cause
- The routing config change caused the disruption.
- The change happened recently, and the issue customers are facing was unexpected. The immediate resolution Engineering came up with was to change “redlock.io” to “prismacloud.io” in the SSO config on the IdP (Identity Provider).
- The routing config change that caused the disruption has been reverted on the stacks that reported the issue (app, app2, app3 and app-anz).
Resolution
- For immediate resolution, customers need to replace redlock.io with prismacloud.io in the SAML and Audience URL on their IdP (Identity Provider).
- Since the change has been reverted on app, app2, app3 and app-anz, where most customers have their SSO config with redlock.io, those customers can continue using the same config. Those who already made the change by replacing redlock.io with prismacloud.io don't need to change their config back.
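To see which SSO values would need the change, the following added example (not a Palo Alto Networks tool) lists the Entity ID and ACS URLs in a SAML 2.0 service-provider metadata document whose host is under redlock.io and shows the prismacloud.io form of each. It assumes the values are on file as metadata XML; the sample document, its path and the `PLACEHOLDER` values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
OLD, NEW = "redlock.io", "prismacloud.io"

# Constructed sample: SP metadata as an IdP admin might have it on file.
# Paths and PLACEHOLDER values are illustrative, not real Prisma Cloud values.
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://app2.redlock.io/customer/PLACEHOLDER">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://app2.redlock.io/customer/PLACEHOLDER?relay=redlock.io"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def swap_host(url):
    """Return url with a redlock.io host moved to prismacloud.io, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Match on a label boundary so look-alike hosts are never rewritten.
    if host != OLD and not host.endswith("." + OLD):
        return None
    new_host = host[: -len(OLD)] + NEW  # keeps the stack prefix (app, app2, ...)
    netloc = new_host if parts.port is None else f"{new_host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

def audit(metadata_xml):
    """List (field, current, replacement) for every SP URL still on redlock.io."""
    root = ET.fromstring(metadata_xml)
    fields = [("entityID", root.get("entityID", ""))]
    for acs in root.iter(f"{{{MD}}}AssertionConsumerService"):
        fields.append(("ACS Location", acs.get("Location", "")))
    findings = []
    for name, url in fields:
        fixed = swap_host(url)
        if fixed:
            findings.append((name, url, fixed))
    return findings

if __name__ == "__main__":
    for name, current, fixed in audit(SAMPLE):
        print(f"{name}:\n  current:     {current}\n  replacement: {fixed}")
```

Only the host is rewritten; the path and query string are left untouched, so the Entity ID and ACS URL stay consistent with each other after the change.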
Additional Information
This redlock.io interruption was unintended, so it was not communicated. In the future, when we are ready to remove redlock.io, we will communicate with customers beforehand and give ample time to get this changed on the customer side.