(202) Microsoft Intune - suppress web browser notification "Open GlobalProtect?" when authenticating with GlobalProtect via SAML
- Mr B SOE way
- 3 days ago
Updated: 1 day ago
When the default browser is enabled for SAML authentication, web browsers such as Google Chrome and Microsoft Edge show an "Open GlobalProtect?" notification after a successful SAML authentication. Two notifications are presented, one for the portal and one for the gateway.
Each notification requires the end user's manual attention before the GlobalProtect connection can complete.

To avoid this manual step, this article describes how to use Microsoft Intune (Settings Catalog) to set the browser policy in the Windows Registry that suppresses the notification and provides a seamless SAML authentication experience.
How to
1. Sign in to the Microsoft Intune portal.
2. Choose Devices > Windows > Configuration, then select Create > New Policy.
3. Select Platform: Windows 10 and later and Profile Type: Settings Catalog.
4. Under create profile, give it a name like: Set Browsers to AutoLaunchProtocolFromOrigins

5. Select Add settings and search for "Define a list of protocols that can launch an external application from listed origins without prompting the user". This will appear for both Google Chrome and Microsoft Edge.


6. Select 'Enabled' for both settings.
Under "Define a list of protocols that can launch an external application from listed origins without prompting the user (Device)", the settings would be:
[{"protocol": "globalprotectcallback", "allowed_origins": ["sslvpn.domain.local"]}]
OR, if you have more than one:
[{"protocol": "globalprotectcallback", "allowed_origins": ["sslvpn.domain.local","sslvpn-1.domain.local"]}]
OR, a wildcard can be used:
[{"allowed_origins": ["*"], "protocol": "globalprotectcallback"}]
7. Once the value has been entered (in this example I have used the wildcard option):
[{"allowed_origins": ["*"], "protocol": "globalprotectcallback"}]
Select Next and deploy to your assignments.

8. Once the policies have been deployed, check the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

and HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. You will see that AutoLaunchProtocolsFromOrigins has been applied.

When authenticating to GlobalProtect, you are now redirected automatically and SAML authentication completes without having to manually tick the box.
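
To run the check from step 8 on an endpoint, the following PowerShell script (an added example, not part of the original post) reads AutoLaunchProtocolsFromOrigins from both policy keys and reports whether each entry is missing, malformed, or uses the wildcard, which allows any site to launch the globalprotectcallback handler without a prompt. It assumes the value is stored as a JSON string; the function names and status labels are illustrative.

```powershell
# Added example: audit the AutoLaunchProtocolsFromOrigins policy on an endpoint.
# Assumption: each browser stores the policy as a JSON string (REG_SZ) under its policy key.
$policyKeys = [ordered]@{
    'Microsoft Edge' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    'Google Chrome'  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
}
$valueName        = 'AutoLaunchProtocolsFromOrigins'
$expectedProtocol = 'globalprotectcallback'

# Hypothetical helper: one result row per policy entry.
function New-Finding ($Browser, $Protocol, $Origins, $Status) {
    [pscustomobject]@{ Browser = $Browser; Protocol = $Protocol; Origins = $Origins; Status = $Status }
}

function Get-AutoLaunchFinding {
    param([string]$Browser, [string]$Json)
    try {
        $parsed = ConvertFrom-Json -InputObject $Json -ErrorAction Stop
    } catch {
        return New-Finding $Browser $null $null 'INVALID JSON'
    }
    foreach ($entry in @($parsed)) {
        $origins = @($entry.allowed_origins)
        $status  = 'OK'
        # "*" lets any site launch the handler without a prompt.
        if ($origins -contains '*') { $status = 'WILDCARD ORIGIN' }
        # Curly quotes pasted from a web page end up inside the origin string,
        # so the pattern will not match the portal's hostname.
        if ($origins -match '[\u201C\u201D]') { $status = 'SMART QUOTE IN ORIGIN' }
        if ($entry.protocol -ne $expectedProtocol) { $status = 'UNEXPECTED PROTOCOL' }
        New-Finding $Browser $entry.protocol ($origins -join ', ') $status
    }
}

$findings = foreach ($browser in $policyKeys.Keys) {
    $props = Get-ItemProperty -Path $policyKeys[$browser] -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        New-Finding $browser $null $null 'NOT APPLIED'
    } else {
        Get-AutoLaunchFinding -Browser $browser -Json $props.$valueName
    }
}
$findings | Format-Table -AutoSize
```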



