Prisma Access Gateway Authentication Failed using OKTA-SAML with message "Okta 400 Bad Request"
Created On 07/28/22 05:16 AM - Last Modified 07/30/24 01:36 AM
Symptom
- Prisma Access portal authentication is successful using Okta SAML.
- However, the gateway authentication fails with the error "OKTA 400 Bad Request".
Environment
- Prisma Access
- GlobalProtect
- Supported versions.
Cause
There are two potential Okta configuration issues:
- If the "Palo Alto Networks - Prisma Access" app is used, the unique Gateway ID may be incorrectly configured.
- If a custom SAML 2.0 application is used, the full list of gateways is not included in the "Requestable SSO URLs" field.
Resolution
- If the "Palo Alto Networks - Prisma Access" app is used, refer to step 2 of "SAML Authentication Using Okta as IdP for Mobile Users" to modify the Unique Gateway ID.
- If a custom SAML 2.0 application is used, refer to step 3-2 of "SAML Authentication Using Okta as IdP for Mobile Users" to add all gateways to the "Requestable SSO URLs" field.