GlobalProtect Administrator’s Guide 27
Enable OTP Support (Continued)

Step 6 Save the configuration.
Click Commit.

Step 7 Verify the configuration.
This step assumes that your gateway and portal are already configured. For details
on setting up these components, see Configure GlobalProtect Gateways and
Configure the GlobalProtect Portal.
From a client system running the GlobalProtect agent, try to connect
to a gateway or portal on which you enabled OTP authentication.
You should see two prompts similar to the following:
The first will prompt you for a PIN (either a user- or system-generated PIN).
The second will prompt you for your token or OTP.

Enable Two-Factor Authentication Using Smart Cards

If you want to enable your end users to authenticate using a smart card or common access card (CAC), you must
import the Root CA certificate that issued the certificates contained on the end user CAC/smart cards onto the
portal/gateway. You can then create a certificate profile that includes that Root CA and apply it to your portal
and/or gateway configurations to enable use of the smart card in the authentication process.

Enable Smart Card Authentication

Step 1 Set up your smart card infrastructure.
This procedure assumes that you have deployed smart cards and smart card
readers to your end users.
For specific instructions, refer to the documentation for the user
authentication provider software. In most cases, setting up the smart
card infrastructure requires generating certificates for end users and
for the servers participating in the system, which are the
GlobalProtect portal and/or gateway(s) in this case. The certificates
for the users and the portal/gateway(s) must all be issued by the same
Root CA.
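Step 1 of Enable Smart Card Authentication requires that the user and portal/gateway certificates all be issued by the same Root CA, which you can check before importing that Root CA and building the certificate profile. The script below is an added example, not part of the guide: it assumes the OpenSSL command line (1.1.0 or later), and its function names, file names and generated demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Needs OpenSSL 1.1.0+ (for -no-CApath).
# Function and file names are hypothetical.

# issued_by_root ROOT_PEM CERT_PEM: exit 0 only if CERT_PEM chains to ROOT_PEM.
# -no-CApath stops OpenSSL from also consulting its default CA directory.
# With intermediate CAs, add "-untrusted intermediates.pem" to the command.
issued_by_root() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_same_root ROOT_PEM CERT_PEM...: one result line per certificate;
# returns non-zero if any certificate fails to verify against ROOT_PEM.
check_same_root() {
    root=$1; shift; rc=0
    for cert in "$@"; do
        if issued_by_root "$root" "$cert"; then
            echo "OK    $cert"
        else
            echo "FAIL  $cert (does not verify against $root)"
            rc=1
        fi
    done
    return "$rc"
}

# make_demo_pki DIR: constructed sample data, two roots and three leaf certs.
make_demo_pki() {
    for ca in root other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo $ca CA" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    # user and portal are issued by "root"; stray is issued by "other".
    for pair in user:root portal:root stray:other; do
        leaf=${pair%%:*}; ca=${pair##*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo $leaf" \
            -keyout "$1/$leaf.key" -out "$1/$leaf.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1/$leaf.csr" -CA "$1/$ca.pem" -CAkey "$1/$ca.key" \
            -CAcreateserial -days 2 -out "$1/$leaf.pem" 2>/dev/null || return 1
    done
}

# "sh same_root.sh --demo" runs the check against the constructed PKI.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_demo_pki "$d" &&
        check_same_root "$d/root.pem" "$d/user.pem" "$d/portal.pem" "$d/stray.pem"
    rm -rf "$d"
fi
```

A certificate reported as FAIL here would not validate against a certificate profile that contains only that Root CA, so resolve it with your certificate provider before rolling out smart card authentication.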