For increased flexibility, you can now specify the client operating system (Android, iOS, Mac, Windows, or Chrome) or the satellite device to which to apply a gateway client authentication configuration. You can also customize the client authentication for users who access the portal from a web browser (to download the GlobalProtect agent) or for third-party IPSec VPN (X-Auth) access to GlobalProtect gateways. This enhancement enables you to customize the authentication method for users according to the type of device they use. For example, you can configure Windows and Mac OS devices to authenticate using one-time passwords and configure Android and iOS devices to authenticate with a combination of LDAP and client certificates.
To configure client authentication for the GlobalProtect portal and gateways, use the following workflow:
Configure Client Authentication by OS
Configure the client authentication with the gateway. Select Network > GlobalProtect > Gateways and then select an existing gateway configuration or Add a new one. Select the Authentication tab. Select an existing Client Authentication configuration or Add a new one. Configure the settings for client authentication: Enter a Name to identify the client authentication configuration. Select the type of client to which to deploy this configuration. By default, the configuration applies to all clients. However, you can customize the type of client by OS ( Android, iOS, Mac, Windows, or Chrome), by Satellite devices, or by third-party IPSec VPN clients ( X-Auth). Select or add an Authentication Profile for authenticating a client device or satellite that tries to access the gateway. Enter an Authentication Message to help end users understand which credentials to use when logging in. The message can be up to 100 characters in length (default is Enter login credentials ). Click OK and Commit.
Configure the client authentication with the portal. Select Network > GlobalProtect > Portals and then select an existing portal configuration or Add a new one. Select the Authentication tab. Select an existing Client Authentication configuration or Add a new one. Configure the settings for client authentication: Enter a Name to identify the client authentication configuration. Enter the type of client to which to deploy this configuration. By default, the configuration applies to all clients. However, you can customize the type of client by a specific OS ( Android, iOS, Mac, Windows, or Chrome), by Satellite devices, or by web-based Browser access. The Browser option is useful if you want to customize an authentication profile for users that need to access the portal to download the GlobalProtect software. Select or add an Authentication Profile for authenticating a client device or satellite that tries to access the gateway. Enter an Authentication Message to help end users understand which credentials to use when logging in. The message can be up to 100 characters in length (default is Enter login credentials ). Click OK and Commit.

Related Documentation