This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

I'd like to know about certificates for GlobalProtect user authentication.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

I'd like to know about certificates for GlobalProtect user authentication.

Go to solution
y.saitou
L2 Linker

‎08-07-2025 11:24 PM

Attention: JAPAC TPM team
Hello Team,

 

Is it possible to apply client certificates to only some user authentications using GlobalProtect depending on the OS type?

 

My understanding is that if a certificate is specified in GlobalProtect's user authentication settings, it will also be set in other user authentication settings, so I don't think this is possible.

 

Also, for example, is the following configuration possible?
- Windows devices: SAML authentication
- iOS devices: SAML authentication + certificate authentication

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
rose42snowden
L0 Member

‎08-12-2025 08:57 PM

Yes, it is possible to apply different authentication methods, including client certificates, to GlobalProtect users based on their OS type. GlobalProtect allows you to define multiple client authentication configurations and prioritize them. You can create different authentication profiles and associate them with specific OS types. This enables scenarios like your example: Windows devices using SAML authentication, and iOS devices using SAML authentication plus certificate authentication. The GlobalProtect portal or gateway will then evaluate these configurations in order to determine the appropriate authentication method for each connecting device.

 

Regards,
Rose S.

 

mymilestonecard

View solution in original post

2 REPLIES 2

Go to solution
rose42snowden
L0 Member

‎08-12-2025 08:57 PM

Yes, it is possible to apply different authentication methods, including client certificates, to GlobalProtect users based on their OS type. GlobalProtect allows you to define multiple client authentication configurations and prioritize them. You can create different authentication profiles and associate them with specific OS types. This enables scenarios like your example: Windows devices using SAML authentication, and iOS devices using SAML authentication plus certificate authentication. The GlobalProtect portal or gateway will then evaluate these configurations in order to determine the appropriate authentication method for each connecting device.

 

Regards,
Rose S.

 

mymilestonecard

Go to solution
y.saitou
L2 Linker
In response to rose42snowden

‎08-13-2025 01:18 AM

@rose42snowden 

Thank you for your response.

This has been accepted as a solution.

 

0 Likes Likes
  • 1 accepted solution
  • 270 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks