User authentication functions are performed by external LDAP, Kerberos, TACACS+, SAML, or RADIUS services (including support for two-factor, token-based authentication mechanisms, such as one-time password (OTP) authentication). To enable external authentication:
- Create a server profile with settings for access to the external authentication service.
- Create an authentication profile that refers to the server profile.
- Specify client authentication in the portal and gateway configurations and optionally specify the OS of the endpoint that will use these settings.
If you configure the portal or gateway to authenticate users through SAML authentication, users running GlobalProtect app 4.1.8 or an earlier release will not have the option to
Sign Outof the app if you disable single logout (SLO). Users running GlobalProtect app 4.1.9 or a later release will have the option to
Sign Outof the app regardless of whether SLO is enabled or disabled.
If you configure the portal or gateway to authenticate users through Kerberos authentication, users will not have the option to
Sign Outof the GlobalProtect app if they authenticate successfully using this authentication method.
If you do not allow the GlobalProtect app to
Save User Credentials(
), users will not have the option to
Sign Outof the app if they authenticate successfully using LDAP, TACACS+, or RADIUS authentication.
Set Up Access to the GlobalProtect Portal
Set Up Access to the GlobalProtect Portal After you have completed the Prerequisite Tasks for Configuring the GlobalProtect Portal , configure the GlobalProtect portal as ...
Define the GlobalProtect Client Authentication Configurations
Define the GlobalProtect Client Authentication Configurations Each GlobalProtect client authentication configuration specifies the settings that enable the user to authenticate with the GlobalProtect portal. You ...
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...
Set Up External Authentication
Set Up External Authentication The following workflows describe how to set up the GlobalProtect portal and gateways to use an external authentication service. The supported ...
Set Up RADIUS or TACACS+ Authentication
Set Up RADIUS or TACACS+ Authentication RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to ...
Configure the Portal to Authenticate Satellites
Configure the Portal to Authenticate Satellites In order to register with the LSVPN, each satellite must establish an SSL/TLS connection with the portal. After establishing ...
Two-Factor Authentication With two-factor authentication, the portal or gateway authenticates users through two mechanisms, such as a one-time password and Active Directory (AD) login credentials. ...
Authentication The GlobalProtect™ portal and gateway must authenticate end users before allowing access to GlobalProtect resources. You must configure authentication mechanisms prior to portal and ...
Enable Two-Factor Authentication Using One-Time Passwords (...
Enable Two-Factor Authentication Using One-Time Passwords (OTPs) Use this workflow to configure two-factor authentication using one-time passwords (OTPs) on the portal and gateways. When a ...