About the Embedded Browser for SAML Authentication
Details about the embedded browser.
Beginning with the GlobalProtect app 6.0.9 and later, 6.2.3 and later, and 6.3 and later
releases, the embedded browser framework for SAML authentication has been upgraded to
Microsoft Edge WebView2 (Windows) and WKWebView (macOS). This provides a consistent
experience between the embedded browser and the GlobalProtect client. By default,
tenants using SAML authentication are configured to utilize the embedded WebView2
(Windows) or WKWebView (macOS) instead of relying on the system's default browser. With
this enhancement, there's no need for end users to configure a SAML landing page,
eliminating the necessity to manually close the browser. This streamlines the
authentication process.
(Windows endpoints only) In a Microsoft entra-joined environment with
SSO enabled, users are not required to enter their credentials in order to authenticate
to Prisma Access using GlobalProtect. This seamless experience is true whether the user
is logging in to their environment for the first time or whether they have logged in
before. If there is an error during the authentication, it is displayed in the embedded
browser. This authentication process works across all device states. In a non
entra-joined environment with SSO enabled, users must enter their credentials during the
initial login. On subsequent logins, the credentials are auto-filled as long as the SAML
identity provider (IdP) session is active and has not timed out.