Why GlobalProtect Credential Provider (CP) is the default sign-in option just after the GlobalProtect Install
Created On 11/06/19 21:27 PM - Last Modified 11/07/19 02:23 AM
Question
Why is the GlobalProtect Credential Provider (CP) the default sign-in option just after GlobalProtect is installed?
Environment
- Palo Alto Firewall.
- PAN-OS 8.0 and above.
- GlobalProtect App/Agent 4.0 and above.
Answer
SSO is widely deployed in Windows environments; therefore, the GlobalProtect Credential Provider (CP) is the default sign-in option immediately after GlobalProtect (GP) is installed. SSO will fail if the GlobalProtect CP is not selected by default after installation.
- The behavior is controlled by the HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\IsGPCPFirstTime registry key, which is set to 1 by default.
- After the first login, the HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\IsGPCPFirstTime registry key is automatically set to 0.
If the GP CP does not need to be the default selection immediately after installation, set the HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\IsGPCPFirstTime registry key to 0 immediately after GP installation.
Additional Information
NOTE: Changing a registry key is a Windows OS function and can be done in different ways; use the method that suits your environment.
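One way to check and apply the setting described above from an elevated PowerShell session, for example as a post-install step in a deployment tool. This is an added example, not Palo Alto Networks code: the -Disable switch and the exit codes are assumptions of this sketch, and because the article does not state the value's registry type, the script reuses whatever type is already present.

```powershell
#Requires -RunAsAdministrator
# Added example. Reports IsGPCPFirstTime and, with -Disable, sets it to 0 so the
# GlobalProtect CP is not preselected at the first sign-in after installation.
# Writing under HKLM needs elevation. -WhatIf previews the change without writing.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable   # hypothetical switch name chosen for this example
)

$Path = 'HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect'
$Name = 'IsGPCPFirstTime'

# The key only exists once GlobalProtect is installed.
if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Registry key '$Path' not found. Is GlobalProtect installed?"
    exit 2
}

$key = Get-Item -LiteralPath $Path
if ($key.GetValueNames() -notcontains $Name) {
    Write-Error "'$Name' is not present under '$Path'."
    exit 3
}

# Record the current state: 1 = CP preselected at next sign-in, 0 = already cleared.
$current = $key.GetValue($Name)
$kind    = $key.GetValueKind($Name)
Write-Output "$Name = $current (type: $kind)"

if ($Disable -and "$current" -ne '0') {
    # Keep the existing registry type instead of assuming DWORD or string.
    $new = if ($kind -eq [Microsoft.Win32.RegistryValueKind]::String) { '0' } else { 0 }
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set to 0')) {
        Set-ItemProperty -LiteralPath $Path -Name $Name -Value $new -Type $kind
        # Read the value back to confirm the write took effect.
        $after = (Get-ItemProperty -LiteralPath $Path -Name $Name).$Name
        if ("$after" -ne '0') {
            Write-Error "$Name is still '$after' after the write."
            exit 1
        }
        Write-Output "$Name is now 0."
    }
}
```

Run it without -Disable first to record the current state. Because the key is set to 0 automatically after the first login, a reading of 0 on an endpoint that has already been used is expected.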