With the optional client certificate authentication,
the agent/app presents a client certificate along with its connection
request to the GlobalProtect portal or gateway. The portal or gateway
can use either a shared or unique client certificate to validate that
the user or device belongs to your organization.
The methods for deploying client certificates depend on the security
requirements for your organization: