The GlobalProtect app for Windows and Mac
endpoints now supports pre-logon followed by two-factor authentication
for user login. When an endpoint boots up and Internet is readily
available, GlobalProtect establishes a pre-logon tunnel using the
machine certificate on the endpoint. After the pre-logon tunnel
is established, the user can log in to the endpoint and authenticate
to GlobalProtect using the
configured two-factor authentication
method. If authentication is successful on Windows endpoints, the
pre-logon tunnel is seamlessly renamed to User tunnel and the GlobalProtect
connection is established. If authentication is successful on Mac
endpoints, a new tunnel is created and the GlobalProtect connection
is established.
