Difference between 2FA certificate configuration methods

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Difference between 2FA certificate configuration methods

L0 Member

Hi folks - very grateful for some support on this one.

I've been led to believe that establishing 2FA on GlobalProtect using credentials and certificates as the authentication methods requires setting up a certificate profile and selecting "No" on the setting "Allow Authentication with User Credentials OR Client Certificate".

My questions is, should that setting be selected on the Portal, the Gateway, or both? Is there any real difference? If, for instance, I selected the setting on the Portal only, could that interfere with the ability to reset Windows passwords on endpoint devices?

Thank you!

1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

 

I would generally match the authentication between the gateway and the portal. If you dont want users to have to enter their credentials on both the gateway and the portal, you could do something like just requiring certificates for the gateway authentication otherwise you should look at GlobalProtect Cookie Authentication Cookie Authentication on the Portal or Gateway (paloaltonetworks.com)

  • 338 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!