Forum Discussion

Rajkumar_Manibharathy's avatar
Rajkumar_Manibharathy
Copper Contributor
Feb 03, 2020
Solved

Senstive SAML Apps such as Palo Alto GCPS uses SAML for Auth, but MFA bypassed with remember me UI

Hi All,      We are looking to make Palo alto GCPS client work through SAML, integration is successful but when it comes to Authentication with MFA. MFA is bypassed with remember me. Since this is a...
Azure Active Directory (AAD)
  • Rajkumar_Manibharathy's avatar
    Rajkumar_Manibharathy
    Feb 06, 2020

    Updates !!!, Finally it worked with one more change to Azure AD policy.

    But this option is in preview mode i believe, so i am worried about getting in to prod with this.

     

    {{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00","MaxAgeSessionMultiFactor":"00:30:00","MaxAgeMultiFactor":"00:30:00"}}}

Rajkumar_Manibharathy's avatar
Rajkumar_Manibharathy
Copper Contributor
Feb 06, 2020

Mark Lewis  we do not use Helo for business,  device with corporate image both mac and windows it bypasses MFA when remember me is checked. Only not domain joined device it prompts for MFA.

Rajkumar_Manibharathy's avatar
Rajkumar_Manibharathy
Copper Contributor
Feb 06, 2020

Updates !!!, Finally it worked with one more change to Azure AD policy.

But this option is in preview mode i believe, so i am worried about getting in to prod with this.

 

{{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00","MaxAgeSessionMultiFactor":"00:30:00","MaxAgeMultiFactor":"00:30:00"}}}

Resources