<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Palo Alto GlobalProtect VPN Client Error "Authentication Failed"
Jan 12, 2026
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article addresses an issue where users fail to authenticate when using the Palo Alto GlobalProtect VPN client and provides a resolution to the issue. This situation occurs specifically within the VPN client application and does not apply to browser-based sessions. This failure happens when the client is configured to use an embedded browser for authentication instead of the default system browser.

 

The following error is generated:

Authentication Failed

Please contact the administrator for further assistance

 

Error message

Applies To
  • Palo Alto GlobalProtect VPN client
  • SAML authentication
Cause

The Palo Alto GlobalProtect VPN client is configured to use an internal embedded browser for SAML authentication, which fails to complete the authentication process. Switching to the default system browser resolves this incompatibility.

 
Solution

Follow the steps in the vendor documentation Use the Default System Browser for SAML Authentication to switch the VPN client from the embedded browser to the default system browser.

Recommended content

Still looking for help?
Loading
Palo Alto GlobalProtect VPN Client Error "Authentication Failed"