Palo Alto VM-Series Firewall: GlobalProtect – OneLogin SAML


GlobalProtect supports various authentication methods, including SAML 2.0 IdP. This example shows setting up authentication through OneLogin.


First, let’s add an application, for this, in the OneLogin admin interface, go to “Applications” and click “Add App

In the search bar, enter “globalprotect” and click on it

In the settings, set the name of the application and click “Save

Next, in the application settings, go to the “Configuration” item, and in the “Domain” field specify the domain name for GlobalProtect.

In the “Login URL” field, enter the following:


So that from the OneLogin portal we can get to the download page of the GlobalProtect client


This completes the configuration from the OneLogin side, needs to save the changes, and downloads the SAML Metadata file. To do this, click on “More Actions” in the upper right corner and select “SAML Metadata



Import the SAML Metadata file, for this go to the “Device” -> “Server Profiles” -> “SAML Identity Provider” tab and select “Import” in the lower left corner

Let’s create an Authentication Profile, to do this, go to the “Device” -> “Authentication Profile” tab and select “Add“. Specify a name and in the “IdP Server Profile” field select the profile that was imported in the previous step, leaving all other settings as default.

Go to the “Advanced” tab and add “all” to the “Allow List“.

Click “OK” and save the changes, for this, click “Commit” in the upper right corner. Now we can use this Authentication Profile to authenticate with GlobalProtect.

Tagged: Tags

Notify of

Inline Feedbacks
View all comments