Can GlobalProtect be configured to prompt a user to change a temporary password when using the local user database for authentication on first-time login?

Can GlobalProtect be configured to prompt a user to change a temporary password when using the local user database for authentication on first-time login?

13683
Created On 08/26/20 01:04 AM - Last Modified 12/21/20 21:52 PM


Question


Can GlobalProtect be configured to prompt a user to change a temporary password when using the local user database for authentication on the first-time login?

Environment


  • Any PAN-OS.
  • Palo Alto Firewall
  • GlobalProtect Agent 4.1 and above.

Answer


This is not supported natively.
The user will have to rely on external authentication services like RADIUS for centralized account management. As of PAN-OS 8.1 and GlobalProtect v4.1 remote GlobalProtect users can change passwords either when the password has expired or the user is accessing Active Directory for the first time with a temporary password.


 

Additional Information


The other option is to use pre-login connection method or other services like SSO/SAML with Azure AD, etc.

Additional information is described here
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAVZCA4&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language