This feature is available starting from the PAN-OS 11.1.0
version. For the earlier PAN-OS versions, you must use the predeployment registry
key/plist setting.
This feature enables you to configure the GlobalProtect app to use the default
browser to authenticate to the GlobalProtect portal through the Client
Authentication setting () of the portal configuration. You can now select the Use
Default Browser option on the Client
Authentication screen for the app to use the default browser for
SAML/CAS authentication to authenticate to the portal for the first time. The
Use Default Browser option is displayed on the
Client Authentication screen only when you choose
SAML/CAS as the authentication profile.
Starting from PAN-OS 11.1.0, you do not need to set the pre-deployment keys/plist
entries to configure the app to choose whether the app should use the default
browser or embedded browser instead you can configure it through the Client
Authentication setting of the portal configuration.
Upgrade/Downgrade: - If you downgrade the PAN-OS version from 11.1.0 to an earlier version, the
Use Default Browser configuration that you have
configured in the Client Authentication setting of the portal will be
removed.
- If you upgrade the PAN-OS version from 11.1.0 to a later PAN-OS version and
if you have configured:
- the Use Default Browser for SAML
Authentication option to Yes
in the app settings of the GlobalProtect portal, then:
- The Use Default-Browser option is
enabled (check box selected) in the Client
Authentication setting of the portal configuration.
- the Use Default Browser for SAML
Authentication option to No
in the app settings of the GlobalProtect portal, then:
- The Use Default Browser is not
added and the option is not displayed on the
Client Authentication screen.
- GlobalProtect gateway authentication configurations are not affected during
the upgrade/downgrade scenarios.
