Connect automatically to Global Protect using OKTA cred

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Connect automatically to Global Protect using OKTA cred

L0 Member

Hi,

Thought it might be worth asking here, maybe you can help me 🙂

We're using Prisma Access and the Global Protect client to log in to VPN. We're also using OKTA to authenticate.

 

Is there any way to somehow automate the login to the client, and maybe in a way, somehow enforce the login? We basically want all of our users to keep login into GP without a way to disable it (for security visibility). It should be completely seamless for the user, with as less user intervention as possible.

 

Right now, we're using an Always-ON mode, with an option to disable the client with only a passcode. That being said, in a restart laptop/cookie expiration, it just pops up the regular OKTA authentication, without anything preventing the user from closing it, and then the client stays on "connecting...".

 

Is there anything that you could suggest to me for this to work? Is there anyone here using the pre-logon connection method? is it reliable? 

 

*We're also using Jamf Connect, if it matters

2 REPLIES 2

L0 Member

Haven't mentioned but we're using macOS

Cyber Elite
Cyber Elite

@nivhovav,

You might want to think about changing over to a certificate for the actual tunnel and then using an authentication policy to capture the actual login instead. This would ensure that the tunnel is always connected, while still giving you the ability to enforce user authentication to capture the user-id and access resources. 

  • 1688 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!