So we recently enabled SAML against Azure and it has largely been successful. One issue we've run into with a small number of users is Ubuntu does not work now.
On the page about installing the client on Linux there is the below note regarding Ubuntu, but no additional details and so far googling is failing me for finding out any.
"Due to restrictions for Microsoft Azure support for Ubuntu operating systems, the GlobalProtect App for Linux does not support SAML when Microsoft Azure is used as the SAML identity provider."
Any insights?
Technically that's a valid solution, but from an audit compliance stance it puts us into having to sort out and maintain two separate MFA solutions which isn't viable from a staffing perspective. My current stance is that Ubuntu users need to switch to RHEL/CentOS till Microsoft and Ubuntu decide to play nice regarding SAML
You can create authentication profiles based on the operating system of your client, that way you can set a regular LDAP auth for linux, and have everything else authenticate against SAML