Global Protect authentication happened two time while using RADIUS

This document guides solutions if Global Protect authentication ask OTP code two times while using the RADIUS server.

GlobalProtect provides you with option to generate an authentication cookie once the user is successfully authenticated. This cookie will be stored on the user's computer and has a configurable life time. The purpose of this cookie is to authenticate the user. Instead of using the authentication method you have setup for your GlobalProtect, the flow would be like this:

Configure GP Portal to generate an authentication cookie. (Do not enable accept auth cookie, only generate)

Configure GP Gateway to accept authentication cookie with life time of 1min. (Do not enable generate, only accept)

Final step is to disable Portal Config selection Criteria in the firewall Web GUI: Network > GlobalProtect > Portals > (Portal Config) Agent > (Agent Config) > Config Selection Criteria > Device Checks / Custom Checks

PreviousUser not found on logs even user exist NextUser is not withdrawn from LDAP.

Last updated 2 years ago