https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998677#M6257 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1568460073">@GWong4</a>&nbsp;,</P> <P>&nbsp;</P> <P>Changing your password upon first logon while connecting to GP and using local user database auth is not natively supported, but you can enforce it using other auth methods like ldap, radius, and saml. For example, user signs into GP that initiates a saml auth request to your IdP of choice. An embedded browser pops-up to sign into your sso service url and your IdP forces users to change their password.&nbsp;Once completed, the IdP sends a saml response back to GP, allowing access. **This can work with radius/ldap server as well. You can also throw in&nbsp;<SPAN>Google Authenticator into the mix through radius or saml.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Are you looking to deploy GlobalProtect for the first time? Do you have an idea of how you want to handle authentication?&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Happy to help!&nbsp;</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 17 Dec 2024 21:02:53 GMT JayGolf 2024-12-17T21:02:53Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998366#M6248 <P data-sourcepos="3:1-3:50">I have two inquiries regarding GlobalProtect VPN:</P> <OL data-sourcepos="5:1-8:0"> <LI data-sourcepos="5:1-6:0"> <P data-sourcepos="5:4-5:132"><STRONG>Password Change:</STRONG> Is there a feature that mandates users to change their GlobalProtect VPN password after their initial login?</P> </LI> <LI data-sourcepos="7:1-8:0"> <P data-sourcepos="7:4-7:113"><STRONG>MFA Support:</STRONG> Does GlobalProtect VPN support Multi-Factor Authentication (MFA) using Google Authenticator?"</P> </LI> </OL> <P>Best Regards</P> <P data-sourcepos="9:1-9:21">&nbsp;</P> Sat, 14 Dec 2024 09:13:37 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998366#M6248 GWong4 2024-12-14T09:13:37Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998677#M6257 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1568460073">@GWong4</a>&nbsp;,</P> <P>&nbsp;</P> <P>Changing your password upon first logon while connecting to GP and using local user database auth is not natively supported, but you can enforce it using other auth methods like ldap, radius, and saml. For example, user signs into GP that initiates a saml auth request to your IdP of choice. An embedded browser pops-up to sign into your sso service url and your IdP forces users to change their password.&nbsp;Once completed, the IdP sends a saml response back to GP, allowing access. **This can work with radius/ldap server as well. You can also throw in&nbsp;<SPAN>Google Authenticator into the mix through radius or saml.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Are you looking to deploy GlobalProtect for the first time? Do you have an idea of how you want to handle authentication?&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Happy to help!&nbsp;</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 17 Dec 2024 21:02:53 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998677#M6257 JayGolf 2024-12-17T21:02:53Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998710#M6264 <P>Hi jayGolf,</P> <P>Thanks for the explanation is because the GP is mainly for external vendor use. Hence I think it is better isolated the external vendor login via firewall features itself.&nbsp;</P> <P>Anyway thanks for the explanation&nbsp;</P> Wed, 18 Dec 2024 02:49:28 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-vpn-enforcing-password-changes-and-google/m-p/998710#M6264 GWong4 2024-12-18T02:49:28Z