Organizations often require smart card authentication for network access. To ensure users maintain connectivity when their smart card is unavailable, GlobalProtect® now includes an authentication fallback mechanism . This feature guarantees that users are not blocked from connecting to the GlobalProtect app. If the configured smart card cannot be used for authentication, the system automatically defaults to any available username and password authentication methods. This flexible mechanism improves resilience for high-security environments.

Furthermore, this smart card authentication capability now extends to endpoints running on macOS. For Windows endpoints, the feature supports pre-deployment customization, allowing for consistent and streamlined client rollouts across your enterprise.

The smart card authentication fallback will happen only if you have selected the Allow Authentication with User Credentials OR Client Certificate option while configuring the GlobalProtect gateway and portal. This option defines whether users can authenticate to the portal or gateway using credentials and/or client certificates.

You can predeploy the customized Windows Registry key values for the profile options <PIV> and <NO PIV>