Palo Alto Networks Knowledgebase: Password Expiry Warning on the GlobalProtect Client

Password Expiry Warning on the GlobalProtect Client

8741
Created On 02/07/19 23:57 PM - Last Updated 02/07/19 23:58 PM
Resolution

Overview

When using LDAP as the authentication method, users can be prompted with the password expiry warning message when their password is due to expire.

 

Details

This can be achieved by using LDAP as an authentication method, as shown in the screenshot below:

 

  • Server Profile: Specify the configured LDAP profile
  • Login Attribute: Enter the LDAP directory attribute that uniquely identifies the user or group
  • Password Expiry Warning: Enter the number of days prior to password expiration to start displaying notification messages to users to alert them that their passwords are expiring in X number of days (this can be configured ranging from 1 day to 255 days).

 

By default, notification messages will be displayed seven days before password expiry. Users will not be able to access the VPN if their passwords expire.

Set the maximum password age under the default domain policy in the AD server as shown in the screenshot below:

 

Shown below is the warning message on the GlobalProtect client.

password expiry.png

 

Note: As a best practice, consider configuring the agents to use a pre-logon connect method. This will allow users to connect to the domain to change their passwords even after the password has expired.

 

owner: hnatarajan



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEgCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language