Enterprises often require strict security compliance controls that necessitate periodic user verification, even when existing SAML tokens remain valid. Previously, users reconnecting the GlobalProtect app with Cloud Identity Engine (CIE) authentication were not prompted to re-enter their credentials, which created potential security gaps and compliance challenges. This enhancement introduces support for CIE (SAML) authentication using an embedded web-view , eliminating the need for complex pre-deployment configuration. Crucially, this feature now supports force authentication. You can now configure the GlobalProtect® app to prompt end users to reauthenticate whenever they reconnect, ensuring stricter access control and helping your organization achieve stringent security compliance goals. This functionality works even if the underlying SAML token has not yet expired.