We have Okta authentication set up and working on our GP portals, but a strange issue was causing failures for quite a while, and we couldn't figure it out even working with Palo Alto tech support for many days. The issue was that authentication would succeed, and then the GP agent would tell us, "You are not authorized to connect to GlobalProtect portal." The symptoms were very much the same as another reported issue, here: https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000PLSO but the root cause was a little different, because you could clearly see the User-IDs were associated with the AD groups we expected when you viewed them with the "show users" CLI command.

SOFTWARE ・ 7 DAYS AGO