This article discusses an issue with the Palo Alto GlobalProtect application in which groups are not passed through to the application. The following error message appears when users try to log in. This article provides the resolution for this issue.
You are not authorized to connect to GlobalProtect Portal
- Palo Alto GlobalProtect application
In this type of scenario, where GlobalProtect authentication is failing with groups, there are a few potential causes to consider. It is possible that the group mapping is incorrect, which can prevent users from being authorized to connect to the GlobalProtect Portal. Additionally, there may be an issue with how group attributes are being passed between Okta and GlobalProtect.
It is also possible that GlobalProtect itself has a configuration issue. For example, the authentication profile may not be set up correctly, or there may be an issue with the gateway agent configuration. In some cases, there may be a mismatch between the authentication settings in Okta and the authentication settings in GlobalProtect, which can lead to authentication failures.
To troubleshoot this issue, it is important to investigate each of these potential causes and identify the root cause of the problem. This may involve reviewing the configuration settings in both Okta and GlobalProtect, checking the group mappings, and looking for any error messages or logs that could provide more information about the issue.
If the error "You are not authorized to connect to GlobalProtect Portal" appears when logging in to the GlobalProtect VPN client, one possible solution is to change the application username format in the SAML app to the expression below so that the login works:
"domain" + toLowerCase(active_directory.samAccountName)
- Access the Okta Admin Console.
- Navigate to the SAML application.
- Click the Sign On tab.
- Set the Application username format to Custom and enter the following expression:
"domain" + toLowerCase(active_directory.samAccountName)
- Save the changes.
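To confirm what Okta actually sends after this change, the decoded SAML assertion from a test login can be checked against the expected username format and for the presence of group values. The script below is an added example, not Okta or Palo Alto code. It assumes the group attribute is named "groups", uses a constructed assertion with a hypothetical user JDoe, and is meant for an assertion captured from your own test login.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real tenant); "groups" is an assumed attribute name.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>JDoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>VPN-Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def expected_username(prefix, sam_account_name):
    """Mirror the page's expression: prefix + toLowerCase(samAccountName)."""
    return prefix + sam_account_name.lower()


def check_assertion(xml_text, prefix, sam_account_name, group_attr="groups"):
    """Return a list of findings; an empty list means nothing to fix here."""
    root = ET.fromstring(xml_text)
    findings = []
    want = expected_username(prefix, sam_account_name)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    if not name_id:
        findings.append("NameID is missing")
    elif name_id != want and name_id.lower() == want.lower():
        findings.append(f"NameID {name_id!r} differs from {want!r} only by case")
    elif name_id != want:
        findings.append(f"NameID {name_id!r} does not match expected {want!r}")
    # Collect non-empty values of the group attribute, wherever it sits.
    groups = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:Attribute", NS)
        if a.get("Name") == group_attr
        for v in a.iterfind("saml:AttributeValue", NS)
        if (v.text or "").strip()
    ]
    if not groups:
        findings.append(f"no values for group attribute {group_attr!r}")
    return findings


if __name__ == "__main__":
    for finding in check_assertion(SAMPLE, "domain", "JDoe"):
        print(finding)
```

Pass the literal prefix configured in the Okta expression as `prefix`; the sample run uses the page's literal "domain".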
If the error message still appears, there can be many other reasons why users get this error, and further troubleshooting is required. If further assistance is required, please contact Okta Support.
