When you have more than one client certificate available for GlobalProtect client authentication on Android endpoints, the Choose Certificate pop-up prompt appears, prompting GlobalProtect app users to manually select a specific client certificate.
Starting with Android 8 or a later release, you can delegate certificate selection to GlobalProtect app 5.2.5 or a later release. You can use Workspace ONE to grant permission to the GlobalProtect app for certificate delegation as part of the VPN profile that is pushed from the mobile device management (MDM) server. This enables the GlobalProtect app to select a client certificate based on the client certificate alias without first prompting GlobalProtect app users to manually select a certificate on their Android endpoint. As a result, the Choose Certificate pop-up prompt does not appear on the Android endpoint. If you delegate certificate selection from the MDM server using any other method, the certificates cannot be used by the GlobalProtect app.
Download the GlobalProtect app for Android.
