You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > Remote Access > VPN Tunneling > Automatically Signing into VPN Tunneling Using GINA

Automatically Signing into VPN Tunneling Using GINA

The Graphical Identification and Authorization (GINA) sign-in function is an automated sign-in method you can install and enable on Windows clients signing in to a Windows NT domain. You can require VPN tunneling to install GINA on the client machine, or you can allow users to decide whether or not to install GINA when they launch VPN tunneling.

Note: You cannot install more than one GINA automatic sign-in function on a client’s system. If another application on the client’s system uses a GINA function, VPN tunneling cannot install and activate the GINA component.

If GINA is installed on the client, it automatically prompts the user to choose whether or not to launch VPN tunneling each time he/she signs in to Windows. If you choose to make GINA installation optional, the user can activate GINA using the Auto connect when login to Windows option in the VPN tunneling window. This option is only available during an open VPN tunneling session.

The option to enable GINA installation on client systems is available when you define role attributes in the Users > User Roles > Role> VPN Tunneling page. See Figure 119.

Figure 119: GINA Installation Process

The GINA installation process takes place one time and requires the user to perform a system reboot in order to enable GINA sign-in capability. From that session forward, GINA prompts the user to decide whether or not to launch VPN tunneling at each Windows sign-in. When the user signs in, unless otherwise specified, GINA passes the user’s Windows sign-in credentials to the system for authentication before establishing the VPN tunneling tunnel.

Note: End users cannot modify their Windows user password through VPN tunneling GINA.

When a user logs in to the device through the Pulse Secure GINA, if the version of the VPN tunneling client on the user’s computer matches that on Connect Secure, the Pulse Secure GINAestablishes a VPN tunneling connection. If the VPN tunneling versions do not match, the Pulse Secure GINAdoes not establish a VPN tunneling connection to Connect Secure. Prior to release 5.4, the Pulse Secure GINAdisplays a version mismatch warning and allows users to log in to the Windows desktop using their cached credentials. With release 5.4 and later, the Pulse Secure GINAallows the users to log in to the Windows desktop using their cached credentials and then launches a standalone VPN tunneling. Users log in to the device and the appropriate VPN tunneling client automatically downloads to the user’s computer and launches.

If you use Host Checker to validate the presence of client-side security components (pre-authorization), Host Checker starts after VPN tunneling is launched. This is sometimes called a system-mode check. Host Checker exists after successful validation and is later restarted once the user is logs in to their desktop (called user-mode).