Provision new device with GlobalProtect VPN Client and User certificate

Andrew Stevenson (IT)
2023-04-06T10:51:05.8633333+00:00

Hi folks,

This is probably a straightforward one, but due to my limited knowledge around certificates, I'm a little stumped. We use GlobalProtect VPN Client, which authenticates the user using a combination of their username/password and the CA-issued user cert. On-prem, there's no issue - A, because the users are able to directly connect to the DC and get/renew the cert (using auto-enrollment) and B, we have the VPN client to stop when on an internal network.

We're looking to move toward Intune to provision devices for users - join domain, push apps, etc. - nothing too major. However, I'm struggling to understand how the devices can join the domain, have the VPN client installed, and have a user log in and the user cert be there waiting for them. Currently, the VPN doesn't join due to no user cert, and the domain join process not fully completing. There's no plan, or intention, to move to device-based authentication at this time.

Sorry for the open-endedness of the query, but any help would be appreciated. Thanks.

Windows for business | Windows Client for IT Pros | User experience | Other
Microsoft Security | Intune | Other