Palo Alto Networks - Managing Multiple GlobalProtect Gateways
Jan 28, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview
This article details how to manage multiple GlobalProtect gateways.
Applies To
- Okta Identity Engine
- Okta Classic
- Global Protect
- VPN
Cause
The template Palo Alto Networks SAML app from the OIN catalog supports only a single Base URL or FQDN for SAML authentication. For scenarios with multiple GlobalProtect gateways, this means additional gateways cannot be added to the same integration.
Solution
To resolve this, use the custom SAML app integration in Okta, which allows the configuration of multiple SSO requestable URLs within a single SAML application. This approach simplifies the management of SAML authentication across multiple gateways by eliminating the need to create multiple SAML app integrations, streamlining management, and simplifying authentication across all gateways.
NOTE:
- The built-in template apps in the OIN offer the convenience of not having to worry about vendor updates or potential issues that may arise.
- Custom apps, on the other hand, provide more flexibility and control over the configuration tailored to the organization's needs. However, if there is an update or a change from a vendor, those will not automatically be pushed to the custom app integration.
