Embedded Browser Framework Upgrade
|
Starting with GlobalProtect 6.0.9, the embedded browser framework for
SAML authentication has been upgraded to Microsoft Edge WebView2
(Windows) and WebKit (macOS). This provides a consistent experience
between the embedded browser and the GlobalProtect client. WebView2
and WebKit are also compatible with FIDO2-based authentication
methods. For more information, see the Microsoft Edge WebView2
documentation.
By default, tenants using SAML authentication are configured to
utilize the embedded WebView2 (Windows) or WebKit (macOS) instead of
relying on the system's default browser. With this enhancement,
there's no need for end users to configure a SAML landing page,
eliminating the necessity to manually close the browser. This
streamlines the authentication process.
In a Microsoft entra-joined environment with SSO enabled,
users are not required to enter their credentials in order to
authenticate to Prisma Access using GlobalProtect. This seamless
experience is true whether the user is logging in to their
environment for the first time or whether they have logged in
before. If there is an error during the authentication, it is
displayed in the embedded browser. This authentication process works
across all device states.
In a non entra-joined environment with SSO enabled, users
must enter their credentials during the initial login. On subsequent
logins, the credentials are auto-filled as long as the SAML identity
provider (IdP) session is active and has not timed out.
|