GlobalProtect supports several login methods to accommodate a wide variety of security, user experience, and integration requirements. These methods define how users or devices are authenticated to access the GlobalProtect Portal and Gateways.

| Login Method | Description | Use Case | Requirements |
|---|---|---|---|
| On-Demand | User manually initiates the connection via the app. | Flexible remote access; no always-on requirement. | Manual user interaction; no machine certificate required. |
| Pre-logon | VPN tunnel is established before the user logs in to Windows. | Domain join, GPO updates, and script execution before login. | Machine certificate; app configured with the "pre-logon" connect method. |
| User-logon | Tunnel connects automatically after the user logs in to the OS. | Automatic connection for user-based access after login. | User credentials or certificate, depending on the authentication profile. |
| Transparent (SSO) | GlobalProtect uses the logged-in OS credentials to authenticate. | Seamless user experience with minimal interaction. | Enable SSO in app settings; depends on OS integration. |

```mermaid
sequenceDiagram
    participant User
    participant Portal
    participant Gateway
    User->>Portal: Authenticate (User or Machine)
    Portal-->>User: Configuration + Gateway List
    User->>Gateway: Establish Tunnel (method depends on config)
    Gateway-->>User: Policy Enforced
```