End-of-Life (EoL)

Enable SSO Wrapping for Third-Party Credentials with the Windows Registry

Use the following steps in the Windows registry to enable SSO to wrap third-party credentials on Windows 7 and Windows Vista endpoints.
  1. Open the Windows registry and locate the globally unique identifier (GUID) for the third-party credential provider that you want to wrap.
    1. From the command prompt, enter the command to open the Windows registry.
    2. Locate currently installed credential providers at the following location:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
    3. Copy the GUID key for the credential provider that you want to wrap (including the curly brackets on either end of the GUID).
  2. Enable SSO wrapping for third-party credential providers by adding the setting wrap-cp-guid to the GlobalProtect registry.
    1. Go to the following Windows registry location:
      HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect
    2. Add a new String Value.
    3. Enter values for the String Value:
      • Name: wrap-cp-guid
      • Value data: {<third-party credential provider GUID>}
      For the Value data field, the GUID value that you enter must be enclosed with curly brackets.
      The following is an example of what a third-party credential provider GUID in the Value data field might look like:
      For the new String Value, wrap-cp-guid is displayed as the String Value’s Name and the GUID is displayed as the Data.
  3. Next Steps:
    • You can configure SSO wrapping for third-party credential providers successfully by completing steps 1 and 2. With this setup, the native Windows logon tile is displayed to users. Users click the tile and log in to the system with their Windows credentials and that single login authenticates the users to Windows, GlobalProtect, and the third-party credential provider.
    • (Optional) If you want to display two tiles to users at login, the native Windows tile and the tile for the third-party credential provider, continue to step 4.
  4. (Optional) Allow the third-party credential provider tile to be displayed to users at login.
    Add a second
    String Value
    with the
    and enter
    for the string’s
    Value data
    With this string value added to the GlobalProtect settings, two login options are presented to users when logging in to their Windows system: the native Windows tile and the third-party credential provider’s tile.
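
Steps 1 and 2 can also be done from an elevated PowerShell prompt. The script below is an added example, not Palo Alto Networks code: it lists the registered credential providers with the DLL each one loads, checks that the chosen GUID keeps its curly brackets and is actually registered, then writes wrap-cp-guid. The `$ProviderGuid` parameter name, its all-zero default (a constructed placeholder) and the DLL lookup under `HKLM:\SOFTWARE\Classes\CLSID` are assumptions added for illustration.

```powershell
# Added example, not Palo Alto Networks code. Run from an elevated PowerShell prompt.
# The default GUID is a constructed placeholder; pass the GUID copied in step 1.
param(
    [string]$ProviderGuid = '{00000000-0000-0000-0000-000000000000}'
)

$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$gpKey  = 'HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect'

# Step 1: list installed credential providers with display name and backing DLL,
# so the provider being wrapped can be identified and its binary reviewed.
Get-ChildItem -Path $cpRoot | ForEach-Object {
    $guid  = $_.PSChildName
    $clsid = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$guid\InprocServer32" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Guid = $guid
        Name = $_.GetValue('')
        Dll  = if ($clsid) { $clsid.GetValue('') } else { $null }
    }
} | Format-Table -AutoSize

# The Value data must keep the curly brackets, so validate the format first.
if ($ProviderGuid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "GUID must be enclosed in curly brackets: $ProviderGuid"
}

# Refuse to wrap a GUID that is not a registered credential provider.
if (-not (Test-Path -LiteralPath (Join-Path $cpRoot $ProviderGuid))) {
    throw "No credential provider is registered with GUID $ProviderGuid"
}

# The GlobalProtect key should already exist on an endpoint with the app installed.
if (-not (Test-Path -LiteralPath $gpKey)) {
    throw "GlobalProtect registry key not found: $gpKey"
}

# Step 2: add the String Value wrap-cp-guid under the GlobalProtect key.
New-ItemProperty -Path $gpKey -Name 'wrap-cp-guid' -Value $ProviderGuid `
    -PropertyType String -Force | Out-Null

# Read the value back to confirm what was written.
(Get-ItemProperty -Path $gpKey -Name 'wrap-cp-guid').'wrap-cp-guid'
```

With the placeholder GUID left in place the script stops at the registration check and writes nothing.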
