Hello , I have a requirement , Currently both Internal and external users ( both are AD users) connect to GP via their AD user name and Password Requirement is enroll Machine certificate to Internal Users and a Common Certificate issued by Palo Alto Generate Root CA to all External users Internal Users are having Machine Certificate issued by PKI on their Windows 10 External Users have a Common User certificate in their User certificate store. Certificate Profile is OK and has Root CA certificate from PKI and PA Root CA So my queries are : 1) Can I still use Logon Method as User Logon ( Always on ) as a common method for both types of users ? the requirement is that the certificate check should not kick in until user logs in ? 2) Client Certificate Store Look up is User and Machine :: So that it checks for both Spaces and find a certificate in one of the store Is this OK ? In the config selection criteria , I have selected the User Groups ( mix of both internal and external) . Do i need to change it Pre-logon ?
... View more