User Experience Enhancements for iOS

GlobalProtect app 5.0 for iOS introduces user experience enhancements.
GlobalProtect app 5.0 for iOS endpoints introduces the following user experience enhancements:

Seamless Login

GlobalProtect app 5.0 introduces a more streamlined and seamless connection experience. The following sections describe the connection experience for first-time users, users with On-Demand mode, and users with Always On mode:
First-Time Connection Experience
End users must perform the following steps to establish a GlobalProtect connection on iOS endpoints for the first time:
  1. Launch the GlobalProtect app.
  2. (Optional) If you have not enabled GlobalProtect notifications on your endpoint, a notification permission dialog appears. Allow GlobalProtect to send you notifications.
    allow-notifications.PNG
    If you Don’t Allow GlobalProtect to send you notifications, a reminder appears the next time you launch the app. Tap the Settings -> GlobalProtect link to go to the notification permission screen, where you can enable notifications. If you still do not want to enable notifications, Skip this screen.
    notification-enable-reminder.PNG
  3. Enter the GlobalProtect portal address.
    enter-portal-address.PNG
  4. (Optional) Depending on the connection mode, tap Connect to initiate the connection.
  5. When the “GlobalProtect” Would Like to AddVPN Configurations message appears, use the following steps to add VPN configurations to your endpoint:
    1. Allow GlobalProtect to add VPN configurations to your endpoint. This setting enables GlobalProtect to filter and monitor network activity on the endpoint when you are using the VPN.
      add-VPN-config.PNG
    2. Enter your iPhone or iPad passcode to confirm that you want to add VPN configurations to your endpoint.
      add-VPN-config-passcode.PNG
  6. (Optional) If your endpoint is unable to verify the identity of the GlobalProtect portal using the portal server certificate, the Cannot Verify Server Identity message appears. If you trust the certificate, tap Continue to proceed with the connection.
  7. (Optional) If prompted, enter your Username and Password, and then SIGN IN.
    sign-in.PNG
  8. (Optional) If you are using multi-factor authentication, enter the GlobalProtect verification Code that is sent to your endpoint after you sign in, and then tap Continue.
  9. (Optional) If your administrator configures the GlobalProtect app to display a welcome message, the welcome message appears upon successful connection. Close the welcome message to proceed to the home screen.
    welcome-message.PNG
  10. (Optional) If there are notifications on your app, the Notifications dialog appears upon successful connection. Close the Notifications dialog to proceed to the home screen.
    notifications-dialog.PNG
  11. When the home screen appears, verify that your connection has established successfully. If the connection is successful, the home screen displays the CONNECTED state.
    connected.PNG
  12. (Optional) By default, the endpoint is automatically connected to the Best Available gateway based on the configuration that the administrator defines and the response times of the available gateways. To connect to a different gateway, tap the gateway drop-down at the bottom of the home screen, and then select a gateway from the list (external gateways only).
    change-gateway.PNG
On-Demand (Remote Access VPN) Connection Experience
When you configure GlobalProtect with the On-DemandConnect Method (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App), end users must launch the GlobalProtect app to initiate the connection manually. After the connection initiates, end users can TAP TO CONNECT to establish the GlobalProtect connection. If you enable GlobalProtect to Save User Credentials, the connection establishes without requiring further user interaction. If you do not enable GlobalProtect to Save User Credentials, end users must sign in to establish the connection. To disconnect GlobalProtect, end users can TAP TO DISCONNECT.
disconnected.PNG
connected.PNG
Always On Connection Experience
When you configure GlobalProtect with the User-Logon (Always On) or Pre-Logon (Always On)Connect Method (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App), the connection initiates automatically. Depending on whether you configure the GlobalProtect app to Save User Credentials (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>Authentication), users can establish the GlobalProtect connection without launching the app. If you enable GlobalProtect to Save User Credentials, the connection establishes automatically without requiring any user interaction. If you do not enable GlobalProtect to Save User Credentials, end users must sign in through the app to establish the connection.

Expired Password Change

Remote users can now change their RADIUS or Active Directory (AD) passwords through the GlobalProtect app for iOS endpoints when their password expires or a RADIUS or AD administrator requires a password change at the next login. This feature is enabled only when the user is authenticated with a RADIUS server using the Protected Extensible Authentication_Protocol Microsoft Challenge Handshake Authentication Protocol version_2 (PEAP-MSCHAPv2).
End users can use the following steps to change their expired passwords on the GlobalProtect app:
  1. Launch the GlobalProtect app.
  2. On the home screen, TAP TO CONNECT to establish the GlobalProtect connection.
  3. (Optional) If prompted, enter your oldUsername and Password, and then SIGN IN.
    sign-in.PNG
  4. When the GlobalProtect app prompts you to Update Password, enter your Current Password followed by your New Password.
    update-password.PNG
  5. Retype Password to confirm your new password.
  6. SIGN IN to reconnect to GlobalProtect with your new password.

Notification Handling

When the GlobalProtect app for iOS endpoints is running in the background, error messages and alerts from the GlobalProtect app display on the endpoint as system notifications. If a notification requires user interaction (for example, if a user must re-enter their credentials after authentication fails), users can tap the system notification to open the GlobalProtect app and complete the interaction. Users can no longer provide inputs for GlobalProtect outside the app. In addition, users can tap a system notification to open the GlobalProtect app and view more details about the notification.
system-notifications.png
notification-sign-in.PNG
When users launch the GlobalProtect app, the app immediately displays all current GlobalProtect notifications (if available) on the Notifications dialog. If a user closes the Notifications dialog, he or she can tap the notification ( notification-icon.png ) icon on the home screen to re-open the dialog. If the app has multiple notifications, users can swipe left or right to view each notification.
notifications-dialog.PNG

Related Documentation