08-28-2024 09:47 PM
Hi folks - very grateful for some support on this one.
I've been led to believe that establishing 2FA on GlobalProtect using credentials and certificates as the authentication methods requires setting up a certificate profile and selecting "No" on the setting "Allow Authentication with User Credentials OR Client Certificate".
My questions is, should that setting be selected on the Portal, the Gateway, or both? Is there any real difference? If, for instance, I selected the setting on the Portal only, could that interfere with the ability to reset Windows passwords on endpoint devices?
Thank you!
09-03-2024 11:41 AM
Hello,
I would generally match the authentication between the gateway and the portal. If you dont want users to have to enter their credentials on both the gateway and the portal, you could do something like just requiring certificates for the gateway authentication otherwise you should look at GlobalProtect Cookie Authentication Cookie Authentication on the Portal or Gateway (paloaltonetworks.com)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
