https://live.paloaltonetworks.com/t5/automation-api-discussions/pre-logon-on-apple-mac/m-p/221687#M1723 <P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/GlobalProtect-Requests-System-Keychain-Access-on-Mac-OS-X/ta-p/53332" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/GlobalProtect-Requests-System-Keychain-Access-on-Mac-OS-X/ta-p/53332</A></P><P><BR />Issue<BR /><BR />Machine Certificate authentication is used on MAC OS X clients. During the GlobalProtect connection process, the user needs to enter the Local Administrator account credentials to allow access to the System keychain twice.</P><P>&nbsp;</P><P>Cause<BR /><BR />When using Machine Certificates with GlobalProtect on Mac OS X Clients, the certificate must be accessed from the "System" keychain in MAC OS X.&nbsp; This will cause a Keychain Access prompt to appear twice when the client attempts to access the certificate for verification against both portal and gateway.<BR /><BR />Workaround<BR /><BR /><STRONG>&nbsp;&nbsp;&nbsp; Open the Keychain Access application and locate the Machine Certificate issued to Mac OS X Client in the System keychain.</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Right-click on the private key associated with Certificate and click Get Info, then go to the Access Control tab</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Click '+' to select an Application to allow</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Press key combination &lt;Command&gt; + &lt;Shift&gt; + G to open Go to Folder</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Enter '/Applications/GlobalProtect.app/Contents/Resources' and click Go</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Find PanGPS and click it, and then press Add</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Save Changes to private key</STRONG></P><P>&nbsp;</P><P><EM>PS: our MAC begin connecting only after all apps access were given to the key file.</EM><BR /><BR />The steps above allows GlobalProtect access to only THIS certificate and private key.&nbsp; It will no longer prompt for keychain access, giving users a seamless, no-touch experience with Palo Alto Networks GlobalProtect.<BR /><BR />Note:<BR /><BR />The procedure has to be done again every time client is updated.</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/macOS-X-10-13-amp-iOS-11-New-Requirements-for-GlobalProtect/ta-p/179049" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/macOS-X-10-13-amp-iOS-11-New-Requirements-for-GlobalProtect/ta-p/179049</A></P> Wed, 11 Jul 2018 08:32:20 GMT MaximAvtonenko 2018-07-11T08:32:20Z https://live.paloaltonetworks.com/t5/automation-api-discussions/pre-logon-on-apple-mac/m-p/39914#M936 <HTML><HEAD></HEAD><BODY><P>I can't get it working Mac. Can someone please help?</P><P>I've the company issued certificated installed on Mac. Do I need to enable something on the Mac itself?</P><P></P><P>Thanks,</P><P>Touqeer</P></BODY></HTML> Mon, 10 Aug 2015 18:42:27 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/pre-logon-on-apple-mac/m-p/39914#M936 Touqeer 2015-08-10T18:42:27Z https://live.paloaltonetworks.com/t5/automation-api-discussions/pre-logon-on-apple-mac/m-p/221687#M1723 <P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/GlobalProtect-Requests-System-Keychain-Access-on-Mac-OS-X/ta-p/53332" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/GlobalProtect-Requests-System-Keychain-Access-on-Mac-OS-X/ta-p/53332</A></P><P><BR />Issue<BR /><BR />Machine Certificate authentication is used on MAC OS X clients. During the GlobalProtect connection process, the user needs to enter the Local Administrator account credentials to allow access to the System keychain twice.</P><P>&nbsp;</P><P>Cause<BR /><BR />When using Machine Certificates with GlobalProtect on Mac OS X Clients, the certificate must be accessed from the "System" keychain in MAC OS X.&nbsp; This will cause a Keychain Access prompt to appear twice when the client attempts to access the certificate for verification against both portal and gateway.<BR /><BR />Workaround<BR /><BR /><STRONG>&nbsp;&nbsp;&nbsp; Open the Keychain Access application and locate the Machine Certificate issued to Mac OS X Client in the System keychain.</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Right-click on the private key associated with Certificate and click Get Info, then go to the Access Control tab</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Click '+' to select an Application to allow</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Press key combination &lt;Command&gt; + &lt;Shift&gt; + G to open Go to Folder</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Enter '/Applications/GlobalProtect.app/Contents/Resources' and click Go</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Find PanGPS and click it, and then press Add</STRONG><BR /><STRONG>&nbsp;&nbsp;&nbsp; Save Changes to private key</STRONG></P><P>&nbsp;</P><P><EM>PS: our MAC begin connecting only after all apps access were given to the key file.</EM><BR /><BR />The steps above allows GlobalProtect access to only THIS certificate and private key.&nbsp; It will no longer prompt for keychain access, giving users a seamless, no-touch experience with Palo Alto Networks GlobalProtect.<BR /><BR />Note:<BR /><BR />The procedure has to be done again every time client is updated.</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/macOS-X-10-13-amp-iOS-11-New-Requirements-for-GlobalProtect/ta-p/179049" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/macOS-X-10-13-amp-iOS-11-New-Requirements-for-GlobalProtect/ta-p/179049</A></P> Wed, 11 Jul 2018 08:32:20 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/pre-logon-on-apple-mac/m-p/221687#M1723 MaximAvtonenko 2018-07-11T08:32:20Z