GlobalProtect app 5.0 for iOS endpoints introduces the following authentication changes:
- Enhanced User Experience for Two-Factor Authentication Using One-Time Passwords
- Client Certificate Deployment
Enhanced User Experience for Two-Factor Authentication Using One-Time Passwords
When users authenticate to GlobalProtect portals or gateways using two-factor authentication with one-time passwords (OTPs), the OTP authentication prompt on the GlobalProtect app for iOS no longer blocks access to other applications on the endpoint. In previous versions of the GlobalProtect app (4.1.x and earlier releases), users had to tap Cancel on the OTP authentication prompt to switch from the GlobalProtect app to other applications for OTP retrieval (for example, to open the Messages app to retrieve OTPs sent through text message). Starting with GlobalProtect app 5.0, users can tap the home button during OTP authentication to switch from the GlobalProtect app to other applications for OTP retrieval. After users retrieve the OTP, they can return directly to the OTP authentication prompt on the GlobalProtect app to complete the authentication attempt.
Client Certificate Deployment
GlobalProtect app 5.0 for iOS uses the Apple NetworkExtension framework for VPN tunnel configuration. With this framework, you can deploy VPN client certificates only by embedding the certificate within a VPN profile. If the certificate is imported directly on an endpoint using methods such as email-based installation, VPN providers cannot access the certificate.
GlobalProtect app 4.1.x and earlier releases used a different VPN framework that allowed system-wide access to any client certificates. This VPN framework has been deprecated by Apple.
GlobalProtect app 5.0 for iOS supports the following client certificate deployment methods:
- Client certificate deployment from an MDM system—If you manage iOS endpoints using an MDM system, you must deploy the client certificate as part of the VPN profile that is pushed from the MDM server. If you deploy client certificates from the MDM server using any other method, GlobalProtect cannot access these certificates.
- Client certificate deployment from the GlobalProtect portal—If you do not use an MDM system to manage your iOS endpoints, you can deploy client certificates from the GlobalProtect portal. These client certificates can be used only for gateway authentication.
- Client certificate deployment using the Apple Configurator—If you do not use an MDM system to manage your iOS endpoints, you can deploy client certificates using the Apple Configurator. From the Apple Configurator, you can generate a .mobileconfig file that contains the entire VPN profile configuration (including client certificates). You can then send the .mobileconfig file to your end users (using methods such as email) so that they can install the file and import the VPN profile configuration on their endpoints. Refer to the Apple Configurator Help for more details.
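A pre-deployment check for the embedding requirement described above, as an added example that is not part of the original documentation: it parses an unsigned .mobileconfig and confirms that each certificate-authenticated VPN payload references an identity payload inside the same profile. The payload keys follow Apple's configuration profile format; the sample profile, its UUIDs and the `com.example.vpnapp` identifier are constructed placeholders, and a signed profile would need its CMS wrapper removed first.

```python
import plistlib

# Payload types that can carry a client identity (private key + certificate).
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}
VPN_TYPE = "com.apple.vpn.managed"


def check_vpn_profile(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means every certificate-auth
    VPN payload references an identity payload inside the same profile."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    problems = []
    vpns = [p for p in payloads if p.get("PayloadType") == VPN_TYPE]
    if not vpns:
        problems.append("no VPN payload in profile")
    for vpn in vpns:
        name = vpn.get("UserDefinedName", vpn.get("PayloadUUID", "?"))
        settings = vpn.get("VPN", {})
        if settings.get("AuthenticationMethod") != "Certificate":
            continue  # password-only VPN payloads need no identity
        ref = settings.get("PayloadCertificateUUID")
        if ref is None:
            problems.append(f"{name}: certificate auth but no PayloadCertificateUUID")
        elif ref not in identities:
            problems.append(f"{name}: PayloadCertificateUUID {ref} "
                            "is not an identity payload in this profile")
    return problems


def sample_profile(embed_identity: bool) -> bytes:
    """Constructed sample; UUIDs, names and the PKCS#12 bytes are placeholders."""
    vpn = {"PayloadType": VPN_TYPE, "PayloadUUID": "VPN-0001",
           "UserDefinedName": "Corp VPN", "VPNType": "VPN",
           "VPNSubType": "com.example.vpnapp",
           "VPN": {"AuthenticationMethod": "Certificate",
                   "PayloadCertificateUUID": "CERT-0001"}}
    cert = {"PayloadType": "com.apple.security.pkcs12",
            "PayloadUUID": "CERT-0001", "PayloadContent": b"placeholder"}
    content = [vpn, cert] if embed_identity else [vpn]
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": content})


if __name__ == "__main__":
    for embedded in (True, False):
        print(embedded, check_vpn_profile(sample_profile(embedded)))
```

A profile that fails this check is the case the section warns about: the VPN payload expects a certificate that was delivered some other way, which the app cannot access.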