https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534469#M109982 <P>Hi,</P> <P>Thought it might be worth asking here, maybe you can help me <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>We're using Prisma Access and the Global Protect client to log in to VPN. We're also using OKTA to authenticate.</P> <P>&nbsp;</P> <P>Is there any way to somehow automate the login to the client, and maybe in a way, somehow enforce the login? We basically want all of our users to keep login into GP without a way to disable it (for security visibility). It should be completely seamless for the user, with as less user intervention as possible.</P> <P>&nbsp;</P> <P>Right now, we're using an Always-ON mode, with an option to disable the client with only a passcode. That being said, in a restart laptop/cookie expiration, it just pops up the regular OKTA authentication, without anything preventing the user from closing it, and then the client stays on "connecting...".</P> <P>&nbsp;</P> <P>Is there anything that you could suggest to me for this to work? Is there anyone here using the pre-logon connection method? is it reliable?&nbsp;</P> <P>&nbsp;</P> <P>*We're also using Jamf Connect, if it matters</P> Wed, 15 Mar 2023 15:13:48 GMT nivhovav 2023-03-15T15:13:48Z https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534469#M109982 <P>Hi,</P> <P>Thought it might be worth asking here, maybe you can help me <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>We're using Prisma Access and the Global Protect client to log in to VPN. We're also using OKTA to authenticate.</P> <P>&nbsp;</P> <P>Is there any way to somehow automate the login to the client, and maybe in a way, somehow enforce the login? We basically want all of our users to keep login into GP without a way to disable it (for security visibility). It should be completely seamless for the user, with as less user intervention as possible.</P> <P>&nbsp;</P> <P>Right now, we're using an Always-ON mode, with an option to disable the client with only a passcode. That being said, in a restart laptop/cookie expiration, it just pops up the regular OKTA authentication, without anything preventing the user from closing it, and then the client stays on "connecting...".</P> <P>&nbsp;</P> <P>Is there anything that you could suggest to me for this to work? Is there anyone here using the pre-logon connection method? is it reliable?&nbsp;</P> <P>&nbsp;</P> <P>*We're also using Jamf Connect, if it matters</P> Wed, 15 Mar 2023 15:13:48 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534469#M109982 nivhovav 2023-03-15T15:13:48Z https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534474#M109983 <P>Haven't mentioned but we're using macOS</P> Wed, 15 Mar 2023 15:30:05 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534474#M109983 nivhovav 2023-03-15T15:30:05Z https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534600#M109994 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/258425">@nivhovav</a>,</P> <P>You might want to think about changing over to a certificate for the actual tunnel and then using an authentication policy to capture the actual login instead. This would ensure that the tunnel is always connected, while still giving you the ability to enforce user authentication to capture the user-id and access resources.&nbsp;</P> Wed, 15 Mar 2023 20:34:24 GMT https://live.paloaltonetworks.com/t5/general-topics/connect-automatically-to-global-protect-using-okta-cred/m-p/534600#M109994 BPry 2023-03-15T20:34:24Z