09-27-2022 06:56 AM
Hello,
We currently have GlobalProtect setup with always-on, with certificate logon and credentials (via RADIUS via AD). Right everything is working as designed. We have a desire to remove the manual login once globalprotect launches in the user session (so one logon; just Windows). How do we enable GlobalProtect to automatically logon while using the users AD credentials or kerberos ticket? We have the option to use SAML via Okta.
10-10-2022 07:20 AM
Hi @mrt3385 ,
Am I undrestating you correctly:
- GlobalProtect is successfully establishing pre-logon tunnel with user certificate, before user is logon to Windows
- After user authenticates and logon in Windows, GlobalProtect prompts the user to enter credentials where.
Is this correct?
If I understand correctly, GlobalProtect support Single Sign-On (SSO) and can use the same credentials the user has entered to logon to Window and pass it to authenticate after user logon.
SSO needs to be enabled under GP portal -> Agent -> App settings
In addition GlobalProtect credential provide needs to be set as default
10-10-2022 07:31 AM
Hello,
You are correct; after the user logs in, they are prompted by GlobalProtect to enter their credentials again. We do have SSO for windows turned on. I'm wondering if SSO is only supported for certain authentication mechanisms.
T
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
