03-15-2023 08:13 AM
Hi,
Thought it might be worth asking here, maybe you can help me 🙂
We're using Prisma Access and the Global Protect client to log in to VPN. We're also using OKTA to authenticate.
Is there any way to somehow automate the login to the client, and maybe in a way, somehow enforce the login? We basically want all of our users to keep login into GP without a way to disable it (for security visibility). It should be completely seamless for the user, with as less user intervention as possible.
Right now, we're using an Always-ON mode, with an option to disable the client with only a passcode. That being said, in a restart laptop/cookie expiration, it just pops up the regular OKTA authentication, without anything preventing the user from closing it, and then the client stays on "connecting...".
Is there anything that you could suggest to me for this to work? Is there anyone here using the pre-logon connection method? is it reliable?
*We're also using Jamf Connect, if it matters
03-15-2023 01:34 PM
You might want to think about changing over to a certificate for the actual tunnel and then using an authentication policy to capture the actual login instead. This would ensure that the tunnel is always connected, while still giving you the ability to enforce user authentication to capture the user-id and access resources.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
