When I set up the Captive Portal and configure it for browser challenge, on non domain joined machines I get the following prompt before I'm sent to the web-form. Is there any way I can get rid of this or at least get it encrypted so users aren't attempting to send credentials in clear text over the wire?
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/map-ip-addresses-to-users/ma... --> step 3 explains the steps where you configure a TLS profile including a certificate for the captive portal to enable it on https. I think you have to configure only the webform in the captive portal profile for not showing this http basic auth to the non domainjoined clients.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!