To confirm that the endpoint belongs to your
organization, use your own public-key infrastructure (PKI) to issue
and distribute machine certificates to each endpoint (recommended)
or generate a self-signed machine certificate for export. With the
pre-logon connect methods, a machine certificate is required and
must be installed on the endpoint before GlobalProtect components
grant access.
To confirm that the endpoint belongs to your
organization, you must also configure an authentication profile
to authenticate the user (see
Two-Factor
Authentication).