04-07-2021 11:44 AM
I've had a number of users reach out to me to reset their password for the GlobalProtect because they become locked out. They have all said they get a message that their password will be expiring in so many days, but are never prompted to reset the password. Each user has said there is nowhere to click to change the password so it goes past the reset period.
04-08-2021 11:09 AM - edited 04-08-2021 11:19 AM
What is used by Globaprotect for authenticating the users in the authentication profile ? Radius, Active directory etc.?
If you are using AD with LDAP Palo Alto, when the AD informs the Palo Alto with an atribute that the password will expire palo alto uses the Globalprotect APP to inform the client that is all. In most cases Palo alto just informs the client and the clients needs to use other methods to change their AD password. Please read the article blow why the users may get the password message before the actuial expiration date:
If you are not using the palo Alto globalprotect as a windows single sign-on (SSO), in other words the globalprotect to use the windows credentials for starting the VPN, you can't use Global Protect to change the password:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!