Auth0 and Palo Alto Global Protect

Hi,
Quite new to SAML and Auth0 and trying to integrate Auth0 as SAML IdP with Palo Alto Global Protect and having 2 issues:

  1. The authentication to the Global Protect Portal works fine, but the User ID being passed is in the format auth0|349423438493248932, which doesn't work as we use Username or Email Address as the identifier. How can I change this in Auth0?
  2. The second part of the authentication, to the Global Protect gateway, fails, and in the Global Protect logs I see invalid gateway credentials auth0|349423438493248932, but I also see the username change to auth0%7c349423438493248932

Can anyone help on how to change point 1 and why point 2 is failing? I have specified both URLs created the SP (Firewall) into the Callback URLs within the application settings but can't figure out what is causing the failure.

Thanks

Hello, @SP2020! Welcome to the Auth0 Community.

You can find a sample rule here, which tells you how to set the NameID claim: https://auth0.com/docs/protocols/saml-configuration-options/customize-saml-assertions#example-changing-the-saml-token-lifetime-and-use-upn-as-nameid

You should configure it to your liking.

As for #2, this is because your system is URL-encoding the value.

Let me know if this helps.
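
A rule along the lines the reply points to, as an added example that is not part of the original thread and not Auth0's own sample: it sends the user's email as the SAML NameID for one application only, and refuses unverified addresses because the NameID becomes the VPN identity. The client ID placeholder, the function names and the choice to require `email_verified` are assumptions; `urlEncoded` is a helper for illustration and is not pasted into the rule.

```javascript
// Auth0 rule (added example). Paste only this function into the rule editor.
function useEmailAsNameId(user, context, callback) {
  // Placeholder (assumption): the client ID of the GlobalProtect application.
  const GP_CLIENT_ID = 'YOUR_GLOBALPROTECT_CLIENT_ID';
  const NAMEID_CLAIM =
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier';
  const EMAIL_FORMAT =
    'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';

  // Leave every other application's assertions untouched.
  if (context.clientID !== GP_CLIENT_ID) {
    return callback(null, user, context);
  }

  // The firewall will treat NameID as the username, so do not assert an
  // address that is missing or that the user has not proven they control.
  if (!user.email || !user.email_verified) {
    return callback(new Error('A verified email is required for VPN login'));
  }

  context.samlConfiguration = context.samlConfiguration || {};
  // Fill the nameidentifier claim from the profile's email, not user_id.
  context.samlConfiguration.mappings = Object.assign(
    {}, context.samlConfiguration.mappings, { [NAMEID_CLAIM]: 'email' });
  // Build NameID from that claim and label it as an email address.
  context.samlConfiguration.nameIdentifierProbes = [NAMEID_CLAIM];
  context.samlConfiguration.nameIdentifierFormat = EMAIL_FORMAT;

  return callback(null, user, context);
}

// Illustration of point 2: '|' is not URL-safe, so a component that
// URL-encodes the default user_id turns it into %7C (seen as %7c in the log).
function urlEncoded(nameId) {
  return encodeURIComponent(nameId);
}
```

After deploying a rule like this, check the NameID in the assertion with the application's SAML debug view before testing against the firewall.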