We are testing Certificate Based Auth + User Based Auth for iOS VPN. Is it best practice to export a unique Identity(Client) Certificate for each user/device? Or is it common to use the same Identity Certificate for everyone? Security wise, it would be better to use unique certificates, but managing them may be hassle. We are also looking into Mobile Iron if that'll help ease things.
We use the same Identity certificate for end user devices, for ease of management. We do have detailed instructions for configuring iOS to function with Global Protect, you can download them here: https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=GlobalProtec...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!