10-04-2023 06:34 AM
Hi Everyone,
Our current setup is a GlobalProtect portal that utilizes SSO via the free Okta service. This serves our customers as well as our internal staff.
I'd like to switch our internal staff laptops to the prelogon method, so they automatically connect with their AD machine cert, and after they log in to their laptop, it passes on their username/password to GlobalProtect. All while not interrupting the normal SSO/Okta flow for our other users.
The only hitch is, the user workstation logins are on a different domain than the one that's connected to Okta. So, would I make a new Client Authentication setting? And where would I place it in the priority list?
I'm assuming then I could make a new agent config, using the certificate device check for the AD domain CA, and assign custom DNS servers, etc.
Any advice/help is greatly appreciated!