If the certificate profile specifies a
Username
Field
, from which GlobalProtect can obtain a username,
the external authentication service automatically uses that username
to authenticate the user to the external authentication service
specified in the authentication profile. For example, if the
Username
Field
in the certificate profile is set to
Subject
,
the common-name field value of the certificate is used as the username
when the authentication server tries to authenticate the user. If
you do not want to force users to authenticate with a username from
the certificate, make sure the
Username Field
in
the certificate profile is set to
None
. See
Remote
Access VPN with Two-Factor Authentication for an example
configuration.