I discover GP so I'm sorry, in advance, if my questions are stupide.
Q1 : How I can force my users to enter their credentials (OnPrem AD or Azure AD depending the auth profile configured) when they start GP protect ? I don't want to use SSO and I want that my user enter their credential each time that they want to start the VPN connexion.
Q2 : Is-it possible to configure the GP client with the Gateway server by default (without the possibilty to remove it by user or to add another one) ? The objective is when I deploy the client on the computer via SCCM or when user open a session on the portal to download the vpn client, the client is already "pre-configured" with our settings and user does not have to enter gateway information, just click "connect".... 🙂
Hi @jeromecarrier ,
1. If you change Save User Credentials to No under Network > GlobalProtect > Portals >  > Agent > Configs >  > Authentication, the user will have to enter their username and password every time.
2. If you set "Allow User to Change Portal Address" to No under App in the same agent client config, then the user will not be able to change the portal address. Note that this document -> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-globalp... says that you "must supply the default portal address in the Windows registry or Mac plist".
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!