Enable the GlobalProtect App for macOS to Use Client Certificates for Authentication

When the GlobalProtect app is installed on macOS endpoints for the first time and client certificate authentication is enabled on the portal or gateway, the Keychain Pop-Up prompt appears, prompting users to enter their password so that GlobalProtect can access and use client certificates from the login keychain. The Keychain Pop-Up prompt can also appear when a new certificate is installed because the previous certificate expired.
You must use the following procedure to enable the GlobalProtect app for macOS to use client certificates for authentication:
  1. Enter your password to allow login keychain access with the macOS endpoint in the following Keychain Pop-Up prompt:
  2. Select
    Always Allow
    to let GlobalProtect to establish the VPN tunnel. The Keychain Pop-Up prompt does not appear until the client certificate has expired. This pop-up prompt can appear again when the client certificate is renewed.
    If you select
    , the Keychain Pop-Up prompt will appear every time users connect to GlobalProtect. If you select
    , GlobalProtect cannot establish a VPN tunnel and the Keychain Pop-Up prompt will appear. GlobalProtect can establish a VPN tunnel only after you allow access to the login keychain.

Recommended For You