I now have GP connected automatically with a certificate pushed out via InTune. This is on a Surface Laptop running Win 10. I typically log in with face recognition. After I log on and notice that I have TCP/IP access through the GP connection and internal DNS is working - I am trying to then go to a file share. \\whatever\sys$\whichever say. I am then prompted for my credentials and a note is there "The system cannont contact a domain controller to service the authentication request." I have no thought why it can't find the DC. To work around this click "Use a different account" and enter my work email and password.This is the same email as the one associated with my face recognition. But after I login through using this "Other User" I then have access to the file share. I checked cmd/set user and that looks the same before my "Other User" login as after. Any ideas appreciated!
Actually we use SAML to explicitly enable single sign on for the users. Yes, this is not integrated functionality of global protect, but it does the job perfectly well. With this it is possible to use biometric logon (Windows Hello) and with SAML to an ADFS server or Azure AD it is possible to have single sign on there for the users. And we use this also with pre-logon (Just because in the linked article in the table it shows it works only with on-demand connections and SAML is not supported)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!