If you require strong authentication to protect sensitive
assets or comply with regulatory requirements, such as PCI, SOX,
or HIPAA, configure GlobalProtect to use an authentication service
that uses a two-factor authentication scheme. A two-factor authentication
scheme requires two things: something the end user knows (such as
a PIN or password) and something the end user has (a hardware or
software token/OTP, smart card, or certificate). You can also enable two-factor
authentication using a combination of external authentication services, and
client and certificate profiles.