Learn about the exciting new features introduced in the
GlobalProtect™ App 6.1 release.
The following table describes the new features introduced
in GlobalProtect app 6.1. For additional information on how to use
the new features in this release, refer to the GlobalProtect App 6.1 New Features
Guide.
New GlobalProtect Feature
Description
Embedded Browser Framework Upgrade
Starting with GlobalProtect 6.1.5, the embedded browser framework for
SAML authentication has been upgraded to Microsoft Edge WebView2
(Windows) and WebKit (macOS). This provides a consistent experience
between the embedded browser and the GlobalProtect client. WebView2
and WebKit are also compatible with FIDO2-based authentication
methods. For more information, see the Microsoft Edge WebView2
documentation.
By default, tenants using SAML authentication are configured to
utilize the embedded WebView2 (Windows) or WebKit (macOS) instead of
relying on the system's default browser. With this enhancement,
there's no need for end users to configure a SAML landing page,
eliminating the necessity to manually close the browser. This
streamlines the authentication process.
In a Microsoft entra-joined environment with SSO enabled,
users are not required to enter their credentials in order to
authenticate to Prisma Access using GlobalProtect. This seamless
experience is true whether the user is logging in to their
environment for the first time or whether they have logged in
before. If there is an error during the authentication, it is
displayed in the embedded browser. This authentication process works
across all device states.
In a non entra-joined environment with SSO enabled, users
must enter their credentials during the initial login. On subsequent
logins, the credentials are auto-filled as long as the SAML identity
provider (IdP) session is active and has not timed out.
Share Sheet Support
You can now use the iOS and Android Share Sheet to share
GlobalProtect logs. The iOS Share Sheet is supported on GlobalProtect
6.1.0 and later releases and Android Share Sheet is supported on
GlobalProtect 6.1.5 (iOS and Android) and later releases.
Advanced Internal Host Detection
You can now configure advanced internal host detection through
the portal to add an extra security layer during internal host detection
by the GlobalProtect app. Enabling advanced internal host detection
stops malicious actors from spoofing the reverse DNS server response
during the internal host detection and thereby prevents malicious
actors from accessing the enterprise network.
Proxy Auto Configuration (PAC) Deployment from GlobalProtect
You can now configure and push the URL for your proxy auto-configuration
(PAC) files to your endpoints through the GlobalProtect
portal. This feature enables you to manage the proxy settings for
your endpoints using the GlobalProtect app.
End-user Notification about GlobalProtect Session Logout
endpoints in advance when their app sessions are
about to expire due to inactivity or expiry of the login lifetime
and lets them know how much time is left before the app gets
disconnected, preventing unexpected and abrupt app logout.
Simplified and Seamless macOS GlobalProtect
App Deployment Using Jamf MDM Integration
You can now use Jamf Pro, one of the most
widely used Apple device management platforms, to deploy the GlobalProtect
app to macOS endpoints to support large-scale GlobalProtect app
deployments in on-premises and Prisma Access environments. Administrators
can also provide a seamless user experience for macOS end users
by deploying Jamf configuration profiles that can automatically
load system and network extensions, thus preventing the user from
having to respond to notifications on the GlobalProtect app.