Fixed an issue where, after upgrading from GlobalProtect app version 6.1.2 to 6.2.6, external users on Windows 11 computers with multiple Azure Entra accounts were unable to authenticate to the portal using SAML with Azure Entra as the Identity Provider (IdP). The new WebView2 embedded browser automatically used the user's default Windows credential for Single Sign-On (SSO), preventing them from selecting the correct account for authentication.
To resolve this issue, a new registry key 'entra-sso' has been introduced. You can add the registry key using either of the two methods below, setting it to no to disable SSO.
1. For pre-deployment, use 'msiexec.exe /i globalprotect64.msi ENTRASSO="no"'
or
2. Add key "entra-sso" and set it to "no" under HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings. If the "entra-sso" key does not exist under this path, the GlobalProtect agent's default behavior is to 'Allow' Entra SSO.
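For method 2 on an endpoint that already has the app installed, the following PowerShell checks the current state and applies the setting. It is an added example, not Palo Alto Networks code. It assumes "entra-sso" is stored as a string (REG_SZ) value under the Settings key, which the note does not specify, and it must run in an elevated session because it writes to HKEY_LOCAL_MACHINE.

```powershell
# Added example (not vendor code): audit and set the entra-sso setting.
# Assumption: "entra-sso" is a string (REG_SZ) value under the Settings key.
$Path = 'HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings'
$Name = 'entra-sso'

function Get-EntraSsoSetting {
    # Returns the configured value, or $null when the value (or the key) is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.$Name
}

function Set-EntraSsoDisabled {
    # Refuse to create the Settings key ourselves: if it is missing, the path is
    # wrong for this host and writing the value would have no effect.
    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path"
    }
    # -Force overwrites an existing value, so the call is safe to repeat.
    New-ItemProperty -Path $Path -Name $Name -Value 'no' `
        -PropertyType String -Force | Out-Null
}

$current = Get-EntraSsoSetting
if ($null -eq $current) {
    # Per the release note, an absent key means the agent allows Entra SSO.
    Write-Output "entra-sso is not present: agent default applies (Entra SSO allowed)"
} else {
    Write-Output "entra-sso is currently '$current'"
}

if ($current -ne 'no') {
    Set-EntraSsoDisabled
    Write-Output "entra-sso now reads '$(Get-EntraSsoSetting)'"
}
```

When auditing a fleet, treat a missing value the same as an explicit allow, since that is the agent's default.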