GlobalProtect supports various authentication methods, including a SAML 2.0 identity provider (IdP). This example shows how to set up authentication through OneLogin.
OneLogin
First, add an application: in the OneLogin admin interface, go to "Applications" and click "Add App".
In the search bar, enter "globalprotect" and click on the result.
In the settings, set the name of the application and click "Save".
Next, in the application settings, go to the "Configuration" item, and in the "Domain" field specify the domain name for GlobalProtect.
In the "Login URL" field, enter the following:
https://YOUR_GP_DOMAIN/global-protect/getsoftwarepage.esp
This lets users reach the GlobalProtect client download page from the OneLogin portal.
This completes the configuration on the OneLogin side. Save the changes and download the SAML Metadata file: click "More Actions" in the upper right corner and select "SAML Metadata".
Firewall
Import the SAML Metadata file: go to the "Device" -> "Server Profiles" -> "SAML Identity Provider" tab and select "Import" in the lower left corner.
Create an Authentication Profile: go to the "Device" -> "Authentication Profile" tab and select "Add". Specify a name and, in the "IdP Server Profile" field, select the profile that was imported in the previous step, leaving all other settings at their defaults.
Go to the "Advanced" tab and add "all" to the "Allow List".
Click "OK" and save the changes by clicking "Commit" in the upper right corner. This Authentication Profile can now be used to authenticate with GlobalProtect.