3rd party IDP user is upgraded to SSO admin

3rd party IDP user is upgraded to SSO admin

537
Created On 10/03/25 09:42 AM - Last Modified 01/26/26 05:12 AM


Question


Why can I not login to Palo Alto Networks apps and services with 3rd party IDP after being upgraded to SSO admin role in Support Portal? 

Environment


sso.paloaltonetworks.com

Answer


If a domain is configured for 3rd party IDP, the users have to be added on the IDP platform and in Customer Support Portal with a role.

CSP SSO admins have to use Palo Alto Networks SSO. Users with any other role but SSO admin may use the 3rd party IDP SSO.

If a user, who was already using the 3rd party IDP SSO, is upgraded in Support portal to SSO admin, the user will hit an error at the first login to any Palo Alto Networks apps and services portal because he does not have a Palo Alto Networks generated password. 

 

 

 

You need to create a Palo Alto Networks SSO password. If you do not have the Forgot password? option, click Unlock Account. If you can create a new password via the verification code you got, do so. 

If you still cannot create a new password, contact support

Additional Information


How to Create an Admin case from Customer Support Portal

How to Enable a Third-party IDP Provider 

Password Policy for Palo Alto Networks SSO

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fyGfKAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail