How are you. i hope you are doing well. i need one suggestion from you guys... One of the our customer using Global Protect Remote VPN with PACluster Gateway. they have integrated AD with PA deviceand GP users connecting through AD credential and now lots user credential needto change. So will itimpact when GP client connect with PA GW can you suggest what isthe way to connect GP clients when changing credential on AD users how we cancome out from this before changing AD users credentials because to changecredential on GP client application for more than 200 users is very pathetic.
Based on your problem description, it looks, you want to change credentials on GP clients when there is a change in your AD for the corresponding users. If so,you have to uncheck SSO ( single sign on) from portal configuration ( Network > GP portal > Genaral) and use connect method as "on-demand mode". So, while the GP user will initiate the GP connection, he may manually change the saved username/password on GP agent.
•on-demand—Select this option to allow users to establish a connection on demand. With this option, the user must explicitly initiate the connection. This function is primarily used for remote access connections.
•user-logon—When this option is set, the GlobalProtect agent will automatically establish a connection after users log in to their computers. If you select Use single sign-on, the username and password used to log in to Windows is captured by the GlobalProtect agent and used to authenticate.
Hope this helps.
i think you didn't get the my point. my question is are :- GP client with AD integration , if AD User change his credential and login with his Laptop window using new credential then the GP client also need to change manually, is there any Automatic way that user don’t need to change credential in GP client console.
If Point-1 don’t have automatic mechanism then can we integrate user-based certificate using pre-login mechanism, userbased certificate means certificate will be individual for each user
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!