Workflow: Google SAML Authentication with MFA

In this article, we will highlight the authentication workflow from a client’s perspective.

 

Workflow 1: GlobalProtect Client VPN – Initial Connection (Windows, Mac, Linux, Android, iOS)

  1. User opens GlobalProtect application
  2. If not set, user enters the address of the GlobalProtect Portal, and clicks “Connect”
  3. User is redirected to Google’s SAML SSO login page, and prompted to sign in with their Google Account
  4. User signs in with their Google Account username (email address) and password
  5. User is prompted for MFA (2FA), if configured on their Google Account (or enforced by the G Suite administrator)

    • User can pass MFA verification via standard Google methods:
      1. Tap “Yes” on your phone or tablet
      2. Use your phone or tablet to get a security code (even if it’s offline)
      3. Get a verification code from the Google Authenticator app
      4. Get a verification code at <your phone number>
  6. User transparently goes through GlobalProtect Gateway authentication. (No re-submission of credentials necessary)
  7. User gets connected