02-04-2021 02:42 PM
We are testing out the GlobalProtect for Android app on our Chromebooks. I am able to push out the app via the Google Admin Console and the app connects fine via SSO/SAML to our portal and gateway. The problem is the app will not auto start after it is deployed to the client Chromebook. If the user of the Chromebook manually opens the GlobalProtect app on the Chromebook the GP app will start > auto authenticate SSO via SAML and connect to the gateway, but it is only after the user manually opens the GP app that GP will auto start and auto connect every time the user logs on to the Chromebook. I am assuming this is because the GP app downloads its config/settings from the portal the first time it connects and then sets itself to be Always On. Is there a workaround to get the app to auto start immediately after it is installed onto the Chromebook via the Google Admin Console? I read through this article
and I have deployed the GP Android app with the following JSON values but it still will not auto start:
02-10-2021 04:19 PM
This might be conflicting with the always-on feature introduced in Chrome Admin Console. Could you put in a TAC case so that they can review and let you know next steps?
02-10-2021 09:21 PM
Which part do you think is conflicting? The Always On on the Google Admin Console and the JSON entry?
I opened a TAC case and they are saying that when using SAML there is no way to launch GlobalProtect automatically. I don't get why the limitation is there with SAML.
I have tested the Always On setting in the Google Admin console with SAML and it doesn't work because that setting does not allow any internet access until the VPN is connected. I also have tested the Always On Google Admin Console setting via an LDAP service account. I supply the service account's username and password in the JSON values of the app in Google Admin Console. This works but it takes about 30 seconds to a minute for the VPN to connect on the Chromebook and during that 30 seconds to a minute the user has no internet. This is a workaround but it is still not a complete solution if you ask me. I wish there was some way via JSON values to tell GlobalProtect to start as soon as it is installed and be Always On without the need to set the Always On setting in the Google Admin console. This is the way it works on Windows via msi package parameters. Wish Palo can get this working on Chrome OS.