The enhancements for authentication using smart card is now extended to endpoints running on macOS.

The smart card authentication method is enhanced to include an authentication fallback mechanism when the smart card is not available to authenticate users to the GlobalProtect app.

When you set smart card authentication for the end users to authenticate to the GlobalProtect app and when the configured smart card is not available, the user authentication will now fallback to any other username and password authentication methods that you have configured for the app.

The smart card authentication fallback will happen only if you have selected the Allow Authentication with User Credentials OR Client Certificate option while configuring the GlobalProtect gateway and portal. This option defines whether users can authenticate to the portal or gateway using credentials and/or client certificates.

You can predeploy the customized Windows Registry key values for the profile options <PIV> and <NO PIV>