Workflow: Google SAML Authentication with MFA
In this article, we will highlight the authentication workflow from a client’s perspective.
Workflow 1: GlobalProtect Client VPN – Initial Connection (Windows, Mac, Linux, Android, iOS)
- User opens GlobalProtect application
- If not set, user enters the address of the GlobalProtect Portal, and clicks “Connect”
- User is redirected to Google’s SAML SSO login page, and prompted to sign in with their Google Account
- User signs in with their Google Account username (email address) and password
- User is prompted for MFA (2FA), if configured on their Google Account (or enforced by G Suite administrator)
- User can pass MFA verification via standard Google Methods:
  - Tap “Yes” on your phone or tablet
  - Use your phone or tablet to get a security code (even if it’s offline)
  - Get a verification code from the Google Authenticator app
  - Get a verification code at <your phone number>
- User transparently goes through GlobalProtect Gateway authentication. (No re-submission of credentials necessary)
- User gets connected