To simplify the login process and improve
your experience, GlobalProtect offers Connect Before Logon to allow
you to establish the VPN connection to the corporate network before
logging in to the Windows 10 endpoint using a Smart card, authentication
service such as LDAP, RADIUS, or Security Assertion Markup Language (SAML),
username/password-based authentication, or one-time password (OTP) authentication.
You can benefit from enabling Connect Before Logon when you onboard
new end users on the endpoint that is not set up with a local profile
or account for the user. Connect Before Logon is disabled by default.
When you enable Connect Before Logon, your end users can launch
the GlobalProtect app credential provider and connect to the corporate
network before logging in to Windows endpoint. After Connect Before
Logon establishes a VPN connection, end users can use the Windows
logon screen to log in to the Windows endpoint. GlobalProtect can now
act as a Pre-Login Access Provider (PLAP) credential provider to
provide access to your organization before logging in to Windows.
GlobalProtect retrieves the registry keys only once, when the GlobalProtect
app initializes.