Why does SSL VPN Client connecting with SAML use embedded browser?

I was very excited when WatchGuard finally came out with a supported way to authenticate SSLVPN connections via SAML, but I have been disappointed by the implementation.

By only authenticating using an embedded webview browser there have been a lot of issues:

  • browser doesn't seem to remember any part of credentials
  • trouble doing enhanced authentication that Entra offers like checking machine compliance
  • latest issue with embedded webview not working all of a sudden
  • much bigger client to push out
  • no SSO for machines that are already authenticated to Entra

We also use OpenVPN Access Server and its SAML authentication uses the default browser on the computer. This method works great for us. Our users often are already authenticated on their browser so they don't have to do anything. This default browser method is also what WatchGuard does for Macs. So why can't it be done for Windows? Or at least give us the option of embedded OR default?

I would really like some more info as to why it's done this way. Thanks a lot

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Dan_Schreck, I'm not entirely sure why the choice was made to use an integrated browser. The macOS version of the client is using WebKit, which isn't entirely passing to the system browser.

    If you'd like to see an option or a shift to the default system browser, I'd suggest posting in the idea portal in WatchGuard Cloud. You can get there by going to the help menu inside cloud.watchguard.com and selecting "Give Feedback."

    -James Carson
    WatchGuard Customer Support
