Embedded Browser agent does not work in GlobalProtect SAML Authentication


L2 Linker

The customer is using PAN-OS 10.2.4-h2, and configuring GlobalProtect agent setting "Use the Default System Browser for SAML Authentication" to "No" does not disable the default system browser for GlobalProtect SAML authentication.


The embedded browser in GlobalProtect does not work correctly: every time we try to log on, even though the default system browser is set to No, we see the default browser open up.


This issue occurs on both Windows and macOS devices using GlobalProtect version 6.1.1. We are using Cloud Identity Engine as the SAML auth provider for GlobalProtect.


We also have another deployment using PAN-OS 10.1.6-h6 and GP Client 6.0.1 on the gateway, and there we see the embedded browser work correctly.


We are testing using the same Windows/Mac client with GP 6.1.1, and when connected to PAN-OS 10.2.4-h2 we see that the embedded browser does not work correctly.


Has anyone faced the same issue before? I checked and cannot see anything documented in known limitations as well.




L2 Linker

If you are using CIE as the method of authentication, you cannot use the embedded browser. It will always use the default browser even if you uncheck the "Use default browser" box.
