Why is my IDP (Identity provider) Showing an Incorrect Country for Prisma Browser Users?

Created On 08/08/25 00:09 AM - Last Modified 12/10/25 02:23 AM


Symptom


  • Prisma Browser is set up in the Australia region. IP-based enforcement using the authentication gateway is also set up for SSO (Single Sign-On) enforcement.
  • The tenant region is Australia, and the users are physically in Australia and are not using any VPN or proxy solutions.
  • When the users log in to Prisma Browser, the IDP (Okta in this example) shows location notifications from unexpected countries such as India, Germany or the UK.

Okta showing login from India

Okta showing login from Germany




Environment


Prisma Browser



Cause


  • IP-based enforcement is available only in specific compute regions:
    us-east4 (Ashburn, Virginia)
    us-west1 (Portland)
    europe-west2 (London)
    europe-west3 (Frankfurt)
    asia-south1 (Mumbai)
    The IP address Okta is reporting likely belongs to one of the asia-south1 (Mumbai) or europe-west3 (Frankfurt) regions.
  • This flow applies only to the authentication traffic, not to traffic processing once the users are logged in.
  • The current workflow, as documented in the above link, does not allow the administrator to choose a region.
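
One way to triage these IDP location notifications is to judge a sign-in by its source IP first and its country second. The following is an added example, not part of the original article or of any Palo Alto Networks or Okta tooling. It assumes the administrator knows the authentication gateway egress ranges allow-listed for IP-based enforcement; the CIDRs, user names and events below are constructed placeholders, and the event field names follow the Okta System Log schema.

```python
import ipaddress

# Assumption: egress CIDRs of the authentication gateway as allow-listed in the
# IDP. Placeholder documentation ranges (RFC 5737), not real gateway addresses.
GATEWAY_CIDRS = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]
# Countries where users are physically expected (Australia in this article).
EXPECTED_USER_COUNTRIES = {"Australia"}


def classify(event):
    """Classify one sign-in event by source IP first, then by country."""
    client = event.get("client") or {}
    country = (client.get("geographicalContext") or {}).get("country")
    try:
        ip = ipaddress.ip_address(client.get("ipAddress"))
    except ValueError:
        return "review: missing or malformed client IP"
    if any(ip in net for net in GATEWAY_CIDRS):
        # Authentication traffic left through the gateway, so the geolocation
        # describes the gateway's compute region, not the user's location.
        return f"expected: gateway egress (geo={country})"
    if country in EXPECTED_USER_COUNTRIES:
        return "expected: direct sign-in from user country"
    return f"review: {country} from non-gateway IP {ip}"


def triage(events):
    """Return {user: verdict} for user.session.start events only."""
    return {e["actor"]["alternateId"]: classify(e)
            for e in events if e.get("eventType") == "user.session.start"}


def _event(user, ip, country, event_type="user.session.start"):
    """Build a constructed sample event with the fields used above."""
    return {"eventType": event_type, "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}}}


SAMPLE = [  # constructed events, not real log data
    _event("alice@example.com", "192.0.2.10", "India"),
    _event("bob@example.com", "203.0.113.5", "Australia"),
    _event("carol@example.com", "203.0.113.77", "Germany"),
    _event("dave@example.com", None, None),
    _event("erin@example.com", "203.0.113.9", "Germany", "policy.evaluate_sign_on"),
]

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE).items():
        print(f"{user}: {verdict}")
```

A foreign country is accepted only when the source IP is inside the gateway ranges, so a sign-in from Germany or India through any other address still goes to review.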


Resolution


  1. This is currently the expected behavior.
  2. An enhancement request has been filed to support more regions and let the users choose the region. 

