GlobalProtect Windows Credential Provider is not accepting UPN (email address) for logins to devices

GlobalProtect Windows Credential Provider is not accepting UPN (email address) for logins to devices

1794
Created On 11/07/22 04:26 AM - Last Modified 05/03/24 02:38 AM


Symptom


  • Users are not able to make windows login with UPN name when GP credential provider is selected and device is offline"
LoginUPN error
 
 
 

Environment


  • GlobalProtect with SSO enabled for Windows
  • LDAP profile is used for GlobalProtect portal authentication 
  • UPN format username is used to login window when device is offline

Cause


This behavior is due to Microsoft framework does not allow access to local cache.

Resolution


  1. The resolution is not available due to Microsoft's restriction. Engineering team is evaluating further options.
  2. As a workaround, user can login successfully when offline using username as UPN format by selecting Windows default credential provider.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kF5OCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail