Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Can a Common Acces Card authentication used for GlobalProtect U... - Knowledge Base - Palo Alto Networks

Can a Common Acces Card authentication used for GlobalProtect User Logon (Always On)?

6384
Created On 12/11/20 14:19 PM - Last Modified 07/26/23 21:14 PM


Question


If Global Protect Always On is configured using a certificate and a smart card as authentication methods, is it possible for the end-user to only enter the PIN once upon the windows logon screen?
 

Environment


  • Windows endpoints only
  • GlobalProtect Agent versions older than 6.0
  • Global Protect configured with a certificate and a smart card as authentication methods
  • The User using CAC (Common Access Card) to logon to  Windows 10
  • Windows boots up and connects to Global Protect and the user would only enter the  PIN once ( the PIN would only be entered upon the windows logon screen)

Answer


  1. For GlobalProtect versions less than 6.0, this is not possible, as Global Protect SSO (Single Sign On)  only works for username/password, not  a smart/CAC card 
  2. For GlobalProtect version 6.0 and Content Release version 8451-6911 and later Refer Single-sign-on-sso-using-smart-card-authentication.
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 239,884
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBvnCAG&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language