https://live.paloaltonetworks.com/t5/general-topics/difference-between-2fa-certificate-configuration-methods/m-p/596644#M118703 <P>Hello,</P> <P>&nbsp;</P> <P>I would generally match the authentication between the gateway and the portal. If you dont want users to have to enter their credentials on both the gateway and the portal, you could do something like just requiring certificates for the gateway authentication otherwise you should look at GlobalProtect Cookie Authentication&nbsp;<A href="https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authentication/how-does-the-app-know-what-credentials-to-supply/cookie-authentication-on-the-portal-or-gateway" target="_blank">Cookie Authentication on the Portal or Gateway (paloaltonetworks.com)</A></P> Tue, 03 Sep 2024 18:41:33 GMT Claw4609 2024-09-03T18:41:33Z https://live.paloaltonetworks.com/t5/general-topics/difference-between-2fa-certificate-configuration-methods/m-p/596244#M118616 <P>Hi folks - very grateful for some support on this one.</P> <P>I've been led to believe that establishing 2FA on GlobalProtect using credentials and certificates as the authentication methods requires setting up a certificate profile and selecting "No" on the setting&nbsp;<SPAN>"Allow Authentication with User&nbsp;</SPAN>Credentials OR Client Certificate<SPAN>".</SPAN></P> <P><SPAN>My questions is, should that setting be selected on the Portal, the Gateway, or both? Is there any real difference? If, for instance, I selected the setting on the Portal only, could that interfere with the ability to reset Windows passwords on endpoint devices?</SPAN></P> <P>Thank you!</P> Thu, 29 Aug 2024 04:47:09 GMT https://live.paloaltonetworks.com/t5/general-topics/difference-between-2fa-certificate-configuration-methods/m-p/596244#M118616 bancomedia 2024-08-29T04:47:09Z https://live.paloaltonetworks.com/t5/general-topics/difference-between-2fa-certificate-configuration-methods/m-p/596644#M118703 <P>Hello,</P> <P>&nbsp;</P> <P>I would generally match the authentication between the gateway and the portal. If you dont want users to have to enter their credentials on both the gateway and the portal, you could do something like just requiring certificates for the gateway authentication otherwise you should look at GlobalProtect Cookie Authentication&nbsp;<A href="https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authentication/how-does-the-app-know-what-credentials-to-supply/cookie-authentication-on-the-portal-or-gateway" target="_blank">Cookie Authentication on the Portal or Gateway (paloaltonetworks.com)</A></P> Tue, 03 Sep 2024 18:41:33 GMT https://live.paloaltonetworks.com/t5/general-topics/difference-between-2fa-certificate-configuration-methods/m-p/596644#M118703 Claw4609 2024-09-03T18:41:33Z