GlobalProtect
Use Single Sign-On for Smart Card Authentication
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
- 10.1 & Later
- 9.1 (EoL)
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- 6.1
- 6.0
- 5.1
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
Use Single Sign-On for Smart Card Authentication
If your administrator has configured the GlobalProtect portal
to allow you to authenticate through single sign-on (SSO) using
smart card authentication, you can connect without re-entering your
smart card Personal Identification Number (PIN) in the GlobalProtect
app for a seamless SSO experience. You can leverage the same smart
card PIN for GlobalProtect with your Windows endpoint. You can benefit
from using SSO for smart card authentication by reducing the number
of times you must enter your smart card PIN when you log in. After
you successfully log in to the Windows endpoint, the GlobalProtect
app acquires and remembers your smart card PIN to authenticate with
the GlobalProtect portal and gateway.
Your administrator
can define the type of PIN caching policy for
Windows that is associated with the PIN for the smart card provider. The
PIN is cached only if allowed from the smart card provider. GlobalProtect
clears the PIN from the cache if you manually sign out of the GlobalProtect
app, sign out of Windows, or the PIN is changed.
- Before you can use SSO for smart card authentication, the administrator must have completed the following tasks:
- Set the pre-deployed setting on Windows endpoints to use SSO for smart card authentication.Your administrator must set the pre-deployed setting on your Windows endpoint prior to enabling SSO for smart card PIN. GlobalProtect retrieves this entry only once, when the GlobalProtect app initializes.Set up the smart card for two-factor authentication.Assign the certificate profile to the GlobalProtect portal.Configure the gateway so that you can authenticate using a smart card.Enable the GlobalProtect app to Use SSO for smart card PIN on the GlobalProtect portal so that you can levearage the same smart card PIN for GlobalProtect with your Windows endpoint.Log in to the Windows endpoint using the smart card PIN.
- Click Sign-in options, and then click the smart card (When prompted, insert the smart card to verify that smart card authentication is successful.Enter the PIN for the smart card, and click the arrow to submit.If smart card authentication is successful, you can connect to the portal or gateway specified in the configuration without having to re-enter your smart card PIN.(Optional) Log in to GlobalProtect using the same smart card PIN.You can leverage the same smart card PIN that you used to log in to your Windows endpoint.
- Launch the GlobalProtect app by clicking the system tray icon. The status panel opens.Click the hamburger menu to open the Settings panel.On the Settings panel, Sign Out to clear your saved user credentials from the GlobalProtect app.Reconnect to GlobalProtect with the same smart card PIN.The GlobalProtect app displays a smart card PIN error if the PIN is not valid.