New Features - GlobalProtect - 6.2
CIE (SAML) Authentication using Embedded Web-view
Enterprises often require strict security compliance controls that necessitate periodic user verification, even when existing SAML tokens remain valid. Previously, users reconnecting the GlobalProtect app with Cloud Identity Engine (CIE) authentication were not prompted to re-enter their credentials, which created potential security gaps and compliance challenges. This enhancement introduces support for CIE (SAML) authentication using an embedded web-view, eliminating the need for complex pre-deployment configuration. Crucially, this feature now supports force authentication. You can now configure the GlobalProtect® app to prompt end users to reauthenticate whenever they reconnect, ensuring stricter access control and helping your organization achieve stringent security compliance goals. This functionality works even if the underlying SAML token has not yet expired.
Available in PAN-OS 11.2.0 and later releases.
CLI Support to Connect to the GlobalProtect App with SAML Authentication
You can now use the command-line interface (CLI) to initiate, manage, and terminate SAML-authenticated sessions on Linux, giving you a command-line workflow for connection management without requiring you to interact with the full desktop application.
Previously, establishing a GlobalProtect connection with SAML authentication on Linux required using the GUI application throughout the entire process. There was no way to initiate or control connections from the command line, making it difficult to integrate GlobalProtect into scripted or automated workflows.
With this update, you use the GlobalProtect app CLI to start and manage connections. When SAML authentication is required, your default browser opens to complete the authentication step — after which the authenticated session is fully managed through the CLI. This lets you script connection setup and teardown while GlobalProtect handles the browser-based authentication handoff automatically.
This functionality is available starting with the GlobalProtect app for Linux version 6.2.1 and is supported on Fedora, Ubuntu, and Red Hat Enterprise Linux.