Fixed an issue where, after upgrading from GlobalProtect app version
6.1.2 to 6.2.6, external users on Windows 11 computers with multiple
Azure Entra accounts were unable to authenticate to the portal using
SAML with Azure Entra as the Identity Provider (IdP). The new
WebView2 embedded browser automatically used the user's default
Windows credential for Single Sign-On (SSO), preventing them from
selecting the correct account for authentication.To resolve this
issue a new registry key 'entra-sso' has been introduced. You can
add the registry key using two methods and set it to no to disable
SSO. - For pre-deployment, use msiexec.exe /i
globalprotect64.msi ENTRASSO="no"
- Add key entra-sso and set it to nounder
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto
Networks\GlobalProtect\Settings.
If the entra-sso key does not exist under the above path, the
GlobalProtect app's default behavior is to Allow Entra
SSO.
|