This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Globalprotect Credential Provider not capturing automatic logon

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect Credential Provider not capturing automatic logon

ColdSteel
L0 Member

‎11-30-2023 06:33 PM

Overview:

I have Windows 10 Desktop machine which runs in KIOSK mode, it automatically logs in to my dedicated AD KIOSK user through setting the AutoAdminLogon Registry keys.

We are using GlobalProtect for our user identity when inside of the corporate network combined with the GlobalProtect Windows login credential provider to allow SSO authentication.

 

The issue:

When the PC signs in using the AutoAdminLogon registry, GlobalProtect can’t capture the login credentials due to Windows using its native credential provider.

 

Attempted Solutions/Diag:

  • When signing in interactively with the computer, SSO works as expected.
  • When entering the AD KIOSK user’s credentials into GlobalProtect after using the auto logon it authenticates fine and remains until the next reboot.
  • I have tried to enforce GlobalProtect as the default credential provider by following ‘Deploy GlobalProtect Credential Provider Settings in the Windows Registry’ step 2, this did not work so reverted the change.
  • I tried to force credential capture by telling GlobalProtect to capture the GUID ID of the Windows credential provider by ‘SSO Wrapping for Third-Party Credentials with the Windows Registry’ as per documentation but was unsuccessful.

I am aware as a work around I could make an identity policy or firewall policy which could be based on IP or AD polling, but I am wanting to try keep things simple and aligned.

Have I overlooked something? Has someone else managed to work a solution to this?
Or should I be using a different method to auto logon these machines which may work better with GlobalProtect?

Software Version              10.2.4-h4
GlobalProtect Agent        6.1.1

 

Thanks in advance for your time.

Jeremy

0 Likes Likes
0 REPLIES 0
  • 674 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks