If you require strong authentication to protect sensitive
assets or comply with regulatory requirements, such as PCI, SOX,
or HIPAA, configure GlobalProtect to use an authentication service
that uses a two-factor authentication scheme. A two-factor authentication
scheme requires two things: something the end user knows (such as
a PIN or password) and something the end user has (a hardware or
software token/OTP, smart card, or certificate). You can also enable
two-factor authentication using a combination of external authentication
services, and client and certificate profiles.