Global Protect w/ WHfB Cloud Kerberos trust deployment

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect w/ WHfB Cloud Kerberos trust deployment

L0 Member

What is the best method to configure Windows Hello for Business with Global Protect Always-On..


During our PoT we noticed GP SSO passthrough won't authenticate via WHfB....


Would an external authentication e.g. Set up Kerberos Authentication  be the way to go?


External Authentication


User authentication functions are performed by external LDAP, Kerberos, TACACS+, SAML, or RADIUS services (including support for two-factor, token-based authentication mechanisms, such as one-time password (OTP) authentication). To enable external authentication:

  • Create a server profile with settings for access to the external authentication service.
  • Create an authentication profile that refers to the server profile.
  • Specify client authentication in the portal and gateway configurations and optionally specify the OS of the endpoint that will use these settings.

You can use different authentication profiles for each GlobalProtect component. See Set Up External Authentication for instructions. See Remote Access VPN (Authentication Profile) for an example configuration.



If you configure the portal or gateway to authenticate users through Kerberos authentication, users will not have the option to Sign Out of the GlobalProtect app if they authenticate successfully using this authentication method.


Thank you,


  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!