Pre-Logon Followed by SAML Authentication

The GlobalProtect app for Windows and Mac endpoints now supports pre-logon followed by SAML authentication for user login.
Software Support
: Starting with GlobalProtect™ App 5.0 and with PAN-OS® 8.0 and later releases
OS Support
: macOS 10.9 and later releases and Windows 7 and 10
The GlobalProtect app for Windows and Mac endpoints now supports pre-logon followed by SAML authentication for user login. When an endpoint boots up and Internet is readily available, GlobalProtect establishes a pre-logon tunnel using the machine certificate on the endpoint. After the pre-logon tunnel is established, the user can log in to the endpoint and authenticate to GlobalProtect using the configured SAML identity provider (IDP). If SAML authentication is successful on Windows endpoints, the pre-logon tunnel is seamlessly renamed to User tunnel and the GlobalProtect connection is established. If SAML authentication successful on Mac endpoints, a new tunnel is created and the GlobalProtect connection is established.
Use the following steps to configure the GlobalProtect app to use pre-logon followed by SAML authentication for user login:

Recommended For You