[Prisma Cloud SSO] Authentication Failed with Error: Unexpected value of required field 'SAML_CUSTOMER'

Created On 02/03/23 02:48 AM - Last Modified 10/06/23 02:32 AM


Symptom


  • When logging in to Prisma Cloud with custom SSO (SAML), authentication fails with the error: Unexpected value of required field 'SAML_CUSTOMER'


Environment


  • Prisma Cloud
  • Third-party SSO (Not the SSO from Hub)


Cause


  • Wrong Audience URI (SP Entity ID) configured on the SSO provider, such as Okta, Azure AD, Secureauth98, etc.
  • The SSO is disabled


Resolution


  • Ensure the SSO feature is enabled
    • Prisma Cloud UI > Settings > Access Control > SSO > Enabled
  • Ensure the Audience URI (SP Entity ID) configured on the SSO provider is exactly the same as the value shown in Prisma Cloud UI > Settings > Access Control > SSO
    • Taking Azure AD as an example, the Identifier (Entity ID) in Azure AD should match the Audience URI (SP Entity ID) of Prisma Cloud:
      • The value in Azure Home > Enterprise Application > "Prisma Cloud SSO App" > Single sign-on
      • The value in Prisma Cloud UI > Settings > Access Control > SSO
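
An added example, not from the original article or from Palo Alto Networks: a Python check that reads the Audience value(s) from a SAMLResponse you captured during a failed login (HTTP-POST binding, base64) and reports how each differs from the SP Entity ID copied from Prisma Cloud. The entity ID, the sample response and all function names are constructed for illustration; the script only diagnoses the mismatch and does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE_PATH = ".//saml:Conditions/saml:AudienceRestriction/saml:Audience"

def audiences(saml_response_b64):
    """Return every <saml:Audience> value in a base64-encoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [el.text or "" for el in root.iterfind(AUDIENCE_PATH, NS)]

def diagnose(expected, actual):
    """Explain how an Audience value differs from the expected SP Entity ID."""
    if actual == expected:
        return "match"
    if actual.strip() == expected:
        return "surrounding whitespace"
    if actual.rstrip("/") == expected.rstrip("/"):
        return "trailing slash"
    if actual.lower() == expected.lower():
        return "letter case"
    return "different value"

def check_response(saml_response_b64, expected):
    """Classify each Audience in the response against the SP Entity ID."""
    found = audiences(saml_response_b64)
    return [diagnose(expected, a) for a in found] or ["no Audience element"]

# Constructed placeholder: paste the real value shown in the Prisma Cloud SSO settings.
EXPECTED = "https://sp.example.invalid/constructed-entity-id"

def sample_response(audience):
    """Build a minimal constructed SAMLResponse carrying one Audience value."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Conditions><saml:AudienceRestriction><saml:Audience>'
           + audience +
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for aud in (EXPECTED, EXPECTED + "/", EXPECTED.upper(), "urn:constructed:other"):
        print(repr(aud), "->", check_response(sample_response(aud), EXPECTED))
```

Any result other than "match" means the identifier configured on the SSO provider needs to be corrected to the exact string shown in Prisma Cloud.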

