User resetting expired password through Global Protect

Claw4609 — Fri, 06 Jan 2023 22:21:34 GMT

Is a user able to update their password (when its expired or a force change is required) in Global Protect when using SAML Azure AD authentication? There is this older document saying its possible when using Radius with PEAP-MSCHAPv2 authentication but I'm wondering about SAML.

Expired Active Directory Password Change for Remote Users (paloaltonetworks.com)

Re: User resetting expired password through Global Protect

S.Cantwell — Sat, 07 Jan 2023 14:57:16 GMT

Hello there. I looked for the article in the current versions of GP Admin Guide and did not find a listing to reset their passwords.
There are choices that can be utilized.

The first is VPN with prelogon (not On Demand)

To enable users to connect and change their expired passwords without administrative
intervention, consider using Remote Access VPN with Pre-Logon.
If a user’s password expires, you can assign a temporary LDAP password to enable
them to log in to GlobalProtect. In this case, the temporary password may be used to
authenticate to the portal, but the gateway login may fail because the same temporary
password cannot be re-used. To prevent this issue, configure an authentication
override in the portal configuration (Network > GlobalProtect > Portal) to enable the
GlobalProtect app to use a cookie to authenticate to the portal and the temporary
password to authenticate to the gateway..

The second choice is that I am pretty sure that O365 or other current MS cloud solutions have a portal where a user can reset their password. I guess this would be outside of GP, which was your request... to change it on GP.. and I do not think that is supported.

What other questions may I answer for you?

topic Re: User resetting expired password through Global Protect in General Topics

User resetting expired password through Global Protect

Re: User resetting expired password through Global Protect