Globalprotect Azure-AD SAML Integration - Policy Based Groups Azure-AD
Globalprotect Azure-AD SAMLIntegration - Policy Based Groups Azure-AD
Hello PanGurus! , how's it going? I hope it's going well.
For licensing issues Azure AD only has Azure-ad then at the enterprise app level I can only assign users, but I have my doubt operates well with groups, ie in the Assign part, I can assign Groups and not just users to authenticate without having problems with GP? at the level of the enterprise app with Azure-AD SAML Globalprotect PANW.
Is it feasible to make group based policies, ie:
GP source zone - destination DMZ01 Azure Source Group: IT01
I.e. Azure Group-AD IT01@contoso.com , another with SEC01@contos.com Infra@contoso.com.
This to avoid having to make policies, user, by user, to reach and filter the destinations.
That is, once the client connects, it recognizes that X user recognizes X group.
Is this feasible ? There is no AD-Onprem.
Thank you I remain attentive
Best regards
Hi master reaper, thanks as always
So can for the auth assign group and the enterprise app will do it right and validate the users within the group, in the assign group of the enterprise app, for the OK, auth, for the GP Auth from the enterprise APP, entering the user within the assigned groups of the Azure enterprise app for SAML office 365?
Understanding that they are two different processes, that means I must have something com LDAP Mapping for the groups to then use them in the security policies.
But what happens when the costumer only has azure ad and group and will use SAML for authentication, can I simply in the policy put a group and it will recognize the group user(s) or must it look for the method as it is done with ldap ad onprem ??
Thank you master for your time, collaboration and great patience.