If the certificate profile specifies a
Username Field
,
from which GlobalProtect can obtain a username, the external authentication
service automatically uses that username to authenticate the user
to the external authentication service specified in the authentication
profile. For example, if the
Username Field
in
the certificate profile is set to
Subject
,
the common-name field value of the certificate is used as the username
when the authentication server tries to authenticate the user. If
you do not want to force users to authenticate with a username from
the certificate, make sure the
Username Field
in
the certificate profile is set to
None
. See
Remote
Access VPN with Two-Factor Authentication for an example
configuration.