How to permanently allow GlobalProtect access to the login keychain on MAC?

How to permanently allow GlobalProtect access to the login keychain on MAC?

41318
Created On 12/15/20 22:36 PM - Last Modified 07/11/23 17:28 PM


Objective


  • After installing GlobalProtect on macOS, there are instances when one has to provide administrator credentials each time to access System keychain.
  • A dialogue window, like the one shown below opens up:
User-added image
  • After providing that credential, one may see additional dialogue window, for which one has to enter the same credential:
User-added image
  • The article provides how to permanently address this issue and never have to enter the credential again by editing the Keychain password entries for GlobalProtectService and GlobalProtect

    Environment


    • GlobalProtect App
    • macOS clients

    Procedure


    1. Open Keychain Access
    2. Select the login Keychain
    3. Select the Passwords category
    4. In the list of passwords, you will have to edit each GlobalProtectService entry
    5. For each entry, select Access Control
    GlobalProtectService-Attributes
    1. Select the option to Confirm before allowing access, add the applications shown below and then, select Save Changes. You will have to do this for each GlobalProtect password item.
    /Applications/GlobalProtect.app
/Applications/GlobalProtect.app/Contents/Resources/PanGPS
/Applications/GlobalProtect.app/Contents/Resources/PanGpHip
/Applications/GlobalProtect.app/Contents/Resources/PanGpHipMp
     
    GlobalProtectService-AccessControl
     
    1. Kindly make changes to GlobalProtect entry as shown below
    GlobalProtect-Attributes
     
    GlobalProtect-AccessControl
     
     
    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HByXCAW&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

    Choose Language