3rd party IDP user is upgraded to Domain admin
Question
Why can I not log in to Palo Alto Networks apps and services with a 3rd party IDP after being upgraded to the Domain admin role in the Support Portal?
Environment
sso.paloaltonetworks.com
Answer
If a domain is configured for a 3rd party IDP, users have to be added both on the IDP platform and in the Customer Support Portal (CSP) with a role.
CSP Domain admins have to use Palo Alto Networks SSO. Users with any role other than Domain admin may use the 3rd party IDP SSO.
If a user who was already using the 3rd party IDP SSO is upgraded to Domain admin in the Support Portal, the user will hit an error at the first login to any Palo Alto Networks apps and services portal, because they do not have a Palo Alto Networks generated password.
You need to create a Palo Alto Networks SSO password. If you do not have the Forgot password? option, click Unlock Account. If you can create a new password using the verification code you received, do so.
If you still cannot create a new password, contact support.
Additional Information
How to Create an Admin case from Customer Support Portal
How to Enable a Third-party IDP Provider
Password Policy for Palo Alto Networks SSO