Prisma Access Agent Embedded Browser for SAML Authentication
    
Understand the Prisma Access Agent embedded browser, its components, and benefits for streamlined SAML authentication and improved user experience.

| Where Can I Use This? | What Do I Need? |
|---|---|
| Prisma Access (Managed by Panorama or Strata Cloud Manager); NGFW (Managed by Panorama) | Check the prerequisites for the deployment you're using; Minimum required Prisma Access Agent version: 25.3.0.43; Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature |

The embedded browser is a feature that integrates a web browser directly into the Prisma Access Agent, providing a consistent and secure authentication experience for your users. This feature addresses the challenges of managing SAML authentication across various web browsers and simplifies the login process for end users.
The embedded browser utilizes the Chromium-Embedded Framework (CEF) on Windows and the native WebKit Framework on macOS. The feature supports various authentication scenarios, including SAML, SAML and client certificate, and SAML or client certificate. The embedded browser enhances security by providing a controlled environment for authentication. It manages cookies, handles certificate warnings, and supports client certificate selection on the Prisma Access Agent app.
By default, Prisma Access Agent uses the embedded browser for SAML authentication. If you choose to, you can configure the agent to use the default system browser for SAML authentication.
Refer to your IdP documentation for guidance on selecting between the embedded and system default browser.
When Prisma Access Agent requires SAML authentication on an endpoint, the agent opens a SAML login page in the embedded browser, which closes upon successful authentication. If you use the default system browser for SAML authentication, the browser tab remains open upon successful authentication. If the user does not close the browser tab each time after authentication, multiple browser tabs can remain open, leading to confusion, poor user experience, and potential security vulnerabilities associated with browser redirections.
The embedded browser is designed to work seamlessly with existing Prisma Access Agent connection modes, such as always-on and on-demand access.