When Connect Before Logon (CBL) is configured for the GlobalProtect app, you can now use the app with smart card and ActivClient software without entering the smart card PIN multiple times.

Previously, when ActivClient software was installed on the devices and Connect Before Logon was configured for the GlobalProtect app, end-users were prompted to enter the smart card PIN multiple times while trying to connect using the CBL method.

This new enhancement removes the multiple smart card PIN prompts received by the end-users from the Windows identity provider and ActivClient while connecting the GlobalProtect app with smart card along with ActivClient software. The GlobalProtect app now asks for a PIN only once and the PIN prompt is from ActivClient software.

To use this feature, you must set the following prerequisites:

• Ensure that GlobalProtect portal is predeployed.
• Ensure that Connect Before Logon (CBL) mode is configured for the GlobalProtect app.
• Ensure that the Use Single Sign-On for Smart Card PIN (Windows) option is No (default value) in the app settings of the GlobalProtect portal configuration.

End users have to reenter the smart card PIN in the following scenarios because the ActivClient software clears the PIN cache when the

End users do not have to reenter the PIN when the system wakes up from sleep mode or hibernation mode.