The Cloud Identity Engine now supports the capability to require users to authenticate using their credentials to reconnect to GlobalProtect, even if the SAML authentication token is still valid. The Force Authentication option helps provide the ability to meet strict security requirements to ensure that your users are in compliance with your security policy requirements for your SAML 2.0-based identity provider (IdP), and to prevent outdated credentials from being used to access resources. In this release, the Cloud Identity Engine supports Force Authentication for Okta, Azure Active Directory, and PingOne. For more information, refer to Configure a SAML 2.0 Authentication Type in the Cloud Identity Engine Getting Startedguide.