This feature is available starting from the PAN-OS 11.1.0
version. For the earlier PAN-OS versions, you must use the predeployment registry
key/plist setting.
This feature enables you to configure the GlobalProtect app to use the default
browser to authenticate to the GlobalProtect portal through the Client
Authentication setting () of the portal configuration. You can now select the Use
Default Browser option on the Client
Authentication screen for the app to use the default browser for
SAML/CAS authentication to authenticate to the portal for the first time. The
Use Default Browser option is displayed on the
Client Authentication screen only when you choose
SAML/CAS as the authentication profile.
Starting from PAN-OS 11.1.0, you do not need to set the pre-deployment keys/plist
entries to configure the app to choose whether the app should use the default
browser or embedded browser instead you can configure it through the Client
Authentication setting of the portal configuration.
Consider the following while performing upgrade or downgrade of the PAN-OS
versions:
Upgrade PAN-OS version from 11.0.x to 11.1.0:
- When you upgrade the PAN-OS version from 11.0.x to 11.1.0, then:
- The Use Default-Browser option is enabled
(check box selected) in the Client Authentication setting of the
portal configuration if any of the portal agent configuration has
Use Default Browser
for SAML Authentication option
enabled.
when you upgrade the PAN-OS version from 11.0.x to 11.1.0 and if the
Use Default Browser for SAML Authentication
option is set to
No in the app settings, then:
- The Use Default Browser option is not
added and the option is not displayed on the Client
Authentication screen.
Downgrade PAN-OS version from 11.1.0 to an earlier version
If you downgrade the PAN-OS version from 11.1.0 to an earlier version, the
Use Default Browser configuration that you have
configured in the Client Authentication setting of the portal will be removed.
GlobalProtect gateway authentication configurations are not
affected during the upgrade/downgrade scenarios.