If your administrator has configured the GlobalProtect portal
to allow you to authenticate through single sign-on (SSO) using
smart card authentication, you can connect without re-entering your
smart card Personal Identification Number (PIN) in the GlobalProtect
app for a seamless SSO experience. You can leverage the same smart
card PIN for GlobalProtect with your Windows endpoint. You can benefit
from using SSO for smart card authentication by reducing the number
of times you must enter your smart card PIN when you log in. After
you successfully log in to the Windows endpoint, the GlobalProtect
app acquires and remembers your smart card PIN to authenticate with
the GlobalProtect portal and gateway.
can define the type of PIN caching policy for
Windows that is associated with the PIN for the smart card provider. The
PIN is cached only if allowed from the smart card provider. GlobalProtect
clears the PIN from the cache if you manually sign out of the GlobalProtect
app, sign out of Windows, or the PIN is changed.
Before you can use SSO for smart card authentication, the
administrator must have completed the following tasks:
Set the pre-deployed setting on Windows endpoints
to use SSO for smart card authentication.
Your administrator must set the pre-deployed setting on
your Windows endpoint prior to enabling SSO for smart card PIN.
GlobalProtect retrieves this entry only once, when the GlobalProtect