Hi @BrandonBowman ,
I do not know of an easy way in the configuration. You could script an API request or CLI command to be pushed to logout all GlobalProtect users. The API call can be as easy as a Linux cron job running curl with the authentication cookie (please keep secret!).
/api/?type=op&cmd=<request><global-protect-gateway><client-logout-all></client-logout-all></global-protect-gateway></request>
CLI: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClamCAC
The question is, "Do you want to keep them out?" Then you would need something like a scheduled security policy rule to block access (does not work on existing sessions), or time limits for your users on your authentication server.
Thanks,
Tom
Help the community: Like helpful comments and mark solutions.