Switching from GlobalProtect username & password to some sort of SSO solution (on-prem AD only)

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Switching from GlobalProtect username & password to some sort of SSO solution (on-prem AD only)

L2 Linker

We have always used username & password for authenticating GlobalProtect (using the user's AD account/password). We always connect GlobalProtect AFTER signing on to Windows first.  So how difficult would it be to have GlobalProtect simply query Windows for the user's current signed-on creds to use instead of manually typing them? Essentially something like SSO?


And is it possible to setup a 2nd gateway option for testing so we don't impact our current users?  Basically, if users are connecting to vpn.contoso.com, we would create vpntest.contoso.com on the PA and use that to test this new configuration.  


NOTE: I don't want to do pre-login or anything like that. And we don't have SAML as an option or AD Federated Services.  Just a very basic Active Directory 2016 domain, a single Palo Alto Firewall and GlobalProtect 5.1.5 for Windows 10.  

  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!