Extended SSO Support for GlobalProtect Agents

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
Hithead
L4 Transporter

Extended SSO Support for GlobalProtect Agents

Hi,

GP 2.1.0 is now released with the extended SSO support:

With Single Sign-On (SSO), the GlobalProtect agent wraps the user’s Windows login credentials to automatically authenticate and connect to the GlobalProtect portal and gateway. SSO has been enhanced in this release to so that when a third-party credential provider is being used to wrap the user’s Windows login credentials, the GlobalProtect agent wraps the third-party credentials to allow for successful authentication for the Windows user. This extended SSO functionality is supported on Windows 7 and Windows Vista clients.

Which third-party credential providers are supported?

We are using the SafeNet eToken solution. Our clients doesn't know their windows credentials, they authenticate with their eToken to login in windows. I really hope, that GP 2.1.0 will help us to use SSO with our SafeNet eToken solution...

HULK
L7 Applicator

Hello Hithead,

I don't think there is a specific vendor list available at this point, rather it will work with all vendors. Actually, It will push the registry key with string value of that third-party credential provider inside Global-Protect registry entry to wrap the configured credential provider instead of the default windows credentials.

Related DOC:

How to Disable the Authentication Box that Appears GlobalProtect Client Installation

Registry Setting when Deploying GlobalProtect Client with Microsoft Group Policy Object

You may also contact with your PAN SE to get more detail information on this.

Thanks

Hithead
L4 Transporter

Hi,

the related documents don't tell me the regkeys for the new function.

Also I test it now several times and it doesn't work. No new regkeys are installed.

Is there any manual available?

Hithead
L4 Transporter

finally, the new admin guide is out :smileyhappy: GlobalProtect Administrator's Guide 6.1 (English)

the RegKey is

wrap-cp-guid

and

filter-non-gpcp

will try it and report the results

Hithead
L4 Transporter

set up the key wrap-cp-guid with the value {8BF9A910-A8FF-457F-999F-A5CA10B4A885}, but the GP tile is not displaying at windows logon...

Hithead
L4 Transporter

Update: The documentation was not correct. It will be updated soon...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!