- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-18-2022 08:01 AM
Hello
I discover GP so I'm sorry, in advance, if my questions are stupide.
Q1 : How I can force my users to enter their credentials (OnPrem AD or Azure AD depending the auth profile configured) when they start GP protect ? I don't want to use SSO and I want that my user enter their credential each time that they want to start the VPN connexion.
Q2 : Is-it possible to configure the GP client with the Gateway server by default (without the possibilty to remove it by user or to add another one) ? The objective is when I deploy the client on the computer via SCCM or when user open a session on the portal to download the vpn client, the client is already "pre-configured" with our settings and user does not have to enter gateway information, just click "connect".... 🙂
BR
11-21-2022 04:08 PM
Hi @jeromecarrier ,
1. If you change Save User Credentials to No under Network > GlobalProtect > Portals > [edit] > Agent > Configs > [edit] > Authentication, the user will have to enter their username and password every time.
2. If you set "Allow User to Change Portal Address" to No under App in the same agent client config, then the user will not be able to change the portal address. Note that this document -> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-globalp... says that you "must supply the default portal address in the Windows registry or Mac plist".
Thanks,
Tom
11-22-2022 08:05 AM
Hello
I have not found the option to force to enter user credentials each time in Network > GlobalProtect > Portals > [edit] > Agent > Configs > [edit] > Authentication... 😞
11-22-2022 08:52 AM - edited 11-22-2022 08:53 AM
Hi @jeromecarrier ,
As mentioned above, change "Save User Credentials" to No. Please see the pic below.
You may also want to verify that "Use Single Sign-On" is disabled for Windows and MacOS under the App tab.
Thanks,
Tom
11-23-2022 02:51 AM
Hello
These settings are already configured on my environment.
when I have a session open on my laptop with my domain account and my laptop connected on public wifi, when I start the GP program, the connexion is established without to be requested to enter my credentials on GP vpn client. For security reason, we want to force user to enter their credential each time that they want to connect the VPN on the network...
An idea?
BR
Jerome
11-23-2022 08:18 AM
Hi @jeromecarrier ,
That is indeed a mystery. In my environment, I have "Save User Credentials" set to No, and I am always prompted for credentials. Maybe an uninstall/reinstall of the GP client may help. You may need to open a TAC case.
I would like to know the resolution.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!