Select the Authentication Profile you configured in step 5.

Refer to the following Palo Alto Networks documentation for configuring a GlobalProtect Gateway:

Refer to the following Palo Alto Networks documentation for configuring a GlobalProtect Portal:

Once you have set up Okta as the IdP, you need to create a new Portal, a new Gateway, or both for the GlobalProtect components.

Select the Advanced tab in the Authentication Profile, then choose the Allow List.

IdP Server Profile: Select the IdP Server Profile created in step 4 from the dropdown.
Certificate for Signing Requests: Select None.
Enable Single Logout (optional): Check this option to enable SLO.
Type: Select SAML from the dropdown menu.
Name: Provide a name for the Authentication profile.

Navigate to Device > Authentication Profile, click Add, then enter the following:

If the difference exceeds this value, authentication fails.

Make sure the options Validate Identity Provider Certificate and Validate Metadata Signature are unchecked.

Enter the Maximum Clock Skew, which is the allowed difference in seconds between the system times of the IdP and the firewall at the moment when the firewall validates IdP messages (the default is 60; the range is 1 to 900).

Sign in to the Okta Admin dashboard to generate this value. Then click Browse to locate and upload it to Palo Alto Networks GlobalProtect:

Identity Provider Metadata: Download and save the following.
Profile Name: Enter a preferred profile name.

Navigate to Device > Server Profiles > SAML Identity Provider.

Now that you have completed the setup in Okta, log in to your Palo Alto Networks application as an administrator and follow the steps below to configure Okta as your IdP.

Note: If GlobalProtect is configured on port 443, then the admin UI moves to port 4443.

In Okta, select the General tab for the Palo Alto Networks - GlobalProtect app, then click Edit: Enter into the Base URL field.

The Okta/Palo Alto Networks - GlobalProtect SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

For reference, here is documentation describing How to create a CA-signed certificate for Palo Alto Networks SAML Applications.