Embedded Browser Framework Upgrade
Learn about WebView2.
Starting with GlobalProtect 6.3, the embedded browser framework for SAML authentication
has been upgraded to Microsoft Edge WebView2 (Windows) and WebKit (macOS). This provides
a consistent experience between the embedded browser and the GlobalProtect client.
WebView2 and WebKit are also compatible with FIDO2-based authentication methods.
By default, tenants using SAML authentication are configured to utilize the embedded
WebView2 (Windows) or WebKit (macOS) instead of relying on the system's default browser.
With this enhancement, there's no need for end users to configure a SAML landing page,
eliminating the necessity to manually close the browser. This streamlines the
authentication process.
In a Microsoft entra-joined environment with SSO enabled, users are not
required to enter their credentials in order to authenticate to Prisma Access using
GlobalProtect. This seamless experience is true whether the user is logging in to their
environment for the first time or whether they have logged in before. If there is an
error during the authentication, it is displayed in the embedded browser. This
authentication process works across all device states.
In a non entra-joined environment with SSO enabled, users must enter their
credentials during the initial login. On subsequent logins, the credentials are
auto-filled as long as the SAML identity provider (IdP) session is active and has not
timed out. For more information, see
CIE (SAML) Authentication using Embedded
Web-view.