Single sign-on (SSO) integration enables Prisma Access Agent to automatically authenticate users using their existing device credentials, eliminating separate authentication prompts while maintaining always-on security protection. The configuration process varies depending on your endpoint operating system. For macOS devices, you deploy SSO extension profiles that integrate with the Platform SSO framework. For Windows devices, you configure Windows Hello for Business integration that leverages Primary Refresh Tokens stored in the TPM. Windows devices require proper identity provider integration with Microsoft Entra ID and device enrollment in your MDM solution. macOS devices require proper integration with identity providers such as Microsoft Entra ID or Okta and device enrollment in your MDM solution.