Use the GlobalProtect App for iOS
This chapter applies to you only if your setup requires you to enter your GlobalProtect login credentials after you have logged in to your endpoint (single sign-on is disabled).
We typically recommend that organizations allow its GlobalProtect users to log in transparently following app installation. After you log in to an endpoint with transparent GlobalProtect login, the GlobalProtect app automatically initiates and connects to the corporate network without further user intervention.
If your setup requires you to enter your GlobalProtect credentials, follow the applicable steps below.
- Connect to the GlobalProtect portal or gateway.Use one of the following workflows to connect to the GlobalProtect portal or gateway:
- First time connection experience:
- Launch the GlobalProtect app.
- (Optional) If you have not enabled GlobalProtect notifications on your endpoint, a notification permission dialog appears.AllowGlobalProtect to send you notifications.If youDon’t AllowGlobalProtect to send you notifications, a reminder appears the next time you launch the app. Tap theSettings -> GlobalProtectlink to go to the notification permission screen, where you can enable notifications. If you still do not want to enable notifications,Skipthis screen.
- Enter the GlobalProtect portal address.
- (Optional) Depending on the connection mode, tapConnectto initiate the connection.
- When the“GlobalProtect” Would Like to AddVPN Configurationsmessage appears, use the following steps to add VPN configurations to your endpoint:
- AllowGlobalProtect to add VPN configurations to your endpoint. This setting enables GlobalProtect to filter and monitor network activity on the endpoint when you are using the VPN.
- Enter your iPhone or iPad passcode to confirm that you want to add VPN configurations to your endpoint.
- (Optional) If your endpoint is unable to verify the identity of the GlobalProtect portal using the portal server certificate, theCannot Verify Server Identitymessage appears. If you trust the certificate, tapContinueto proceed with the connection.
- (Optional) If prompted, enter yourUsernameandPassword, and thenSIGN IN.
- (Optional) If you are using multi-factor authentication, enter the GlobalProtect verificationCodethat is sent to your endpoint after you sign in, and then tapContinue.
- (Optional) If your administrator configures the GlobalProtect app to display a welcome message, the welcome message appears upon successful connection. Close the welcome message to proceed to the home screen.
- (Optional) If there are notifications on your app, the Notifications dialog appears upon successful connection. Close the Notifications dialog to proceed to the home screen.
- When the home screen appears, verify that your connection has established successfully. If the connection is successful, the home screen displays theCONNECTEDstate.
- (Optional) By default, the endpoint automatically connects to theBest Availablegateway based on the configuration that the administrator defines and the response times of the available gateways. To connect to a different gateway, tap the gateway drop-down at the bottom of the home screen and then use one of the following options:
- Select a gateway manually (external gateways only). If your administrator configures more than 10 manual external gateways in your portal agent configuration, you can also locate a specific gateway using the gateway search option.
- Assign and automatically connect to a preferred gateway by tapping the More Options ( ) icon for the gateway that you want to set as the preferred gateway and thenSet As Preferred. Alternatively, you can long-press (tap and hold) the gateway and thenSet As Preferred.To remove the preferred gateway assignment, tap the More Options ( ) icon for the preferred gateway and thenRemove Preferred. Alternatively, you can long-press (tap and hold) the gateway and thenRemove Preferred.
- On-Demand (Remote Access VPN) connection experience:When GlobalProtect administrator configures GlobalProtect with theOn-Demandconnect method, you must launch the GlobalProtect app to initiate the connection manually. After the connection initiates, you canTAP TO CONNECTto establish the GlobalProtect connection. If your administrator enables GlobalProtect toSave User Credentials, the connection establishes without requiring further user interaction. If your administrator does not enable GlobalProtect toSave User Credentials, you must sign in to establish the connection.
- Always On connection experienceWhen your GlobalProtect administrator configures GlobalProtect with theAlways Onconnect method, the connection initiates automatically. Depending on whether your administrator configures the GlobalProtect app toSave User Credentials, you can establish the GlobalProtect connection without launching the app. If your administrator enables GlobalProtect toSave User Credentials, the connection establishes automatically without requiring any user interaction. If your administrator does not enable GlobalProtect toSave User Credentials, you must sign in through the app to establish the connection.
- View information about your GlobalProtect connection.After you establish the GlobalProtect connection, launch the GlobalProtect app. Tap the settings icon to open the settings menu. From the settings menu, tapSETTINGSto view information about your connection, including thePortaladdress and connectionStatus.
- If you want to connect to a different GlobalProtect portal, tap thePortaladdress. When prompted, enter a new portal address and then tapCONNECT.
- If you are connected to an external gateway, tap the connectionStatusto view additional details about your connection (including the network SSID and gateway IP address/FQDN).
- (Optional) Change your saved password.If your GlobalProtect administrator configures the GlobalProtect portal agent toSave User Credentials, your credentials are automatically saved to the GlobalProtect app. When your password expires or a RADIUS or AD administrator requires a password change at the next login, you can update your password on the app. This feature is enabled only when you are authenticated with a RADIUS server using the Protected Extensible Authentication Protocol Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2).
- Launch the GlobalProtect app.
- From the home screen,TAP TO CONNECT.
- (Optional) If prompted, enter youroldUsernameandPassword, and thenSIGN IN.
- When the GlobalProtect app prompts you toUpdate Password, enter yourCurrent Passwordfollowed by yourNew Password.
- Retype Passwordto confirm your new password.
- SIGN INto reconnect to GlobalProtect with your new password.
- (Optional) Disconnect from GlobalProtect.If your administrator configures GlobalProtect with theOn-Demandconnect method, you canTAP TO DISCONNECTfrom the home screen.