DUO + Palo Alto Global Protect

Jeremy B1 · ‎11-24-2025

We are currently using GlobalProtect 6.2.8, and users are using Microsoft Authenticator as MFA for signing into GlobalProtect. We have setup a pilot group to use DUO as MFA for GlobalProtect. When the users click connect on GlobalProtect application, they receive the prompt to enter their email address and network password. Once that information is entered, they receive a prompt on their phone for DUO. They enter the passcode, and they receive a successful acknowledgement. After that the user gets an error " Failed to process request from external authentication provider due to unexpected request data" (See attached) We are using DUO EAM in Microsoft Entra. My test users are able to use DUO MFA for all other cloud apps in M365 environment with no issues. It's just GlobalProtect, that is causing the issue. Any thoughts?

DuoKristina · ‎12-10-2025

Hi @Jeremy B1 !

Another customer was having the same issue with the Palo Alto GP client. They worked with Palo Alto to trace it to an issue with the GP client software.

https://community.cisco.com/t5/other-topics-duo-security/aadsts50012531-failed-to-process-request-from-external/m-p/5317356/highlight/true#M946

They did not come back to confirm if Palo Alto fixed the issue in a subsequent client release. I clicked through the 6.3.3 hc addressed issues here but didn't see one that was obviously related.

Looks like the same person posted to Reddit, but also did not confirm there if it had been fixed either.

Another Redditor noted they did not see the issue with 6.2.7. You might also want to contact Palo Alto support and ask if this issue is fixed in a 6.3.3-hc release or not.

Duo, not DUO.