Use Single Sign-On with Prisma Access Agent

Connect automatically to Prisma Access using your device credentials without additional login prompts for seamless access to organizational resources.
Where Can I Use This?
  • Prisma Access Agent
What Do I Need?
  • Minimum Prisma Access Agent version: 26.1
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Check the prerequisites for the supported OS versions
  • Internet access
When your organization has configured single sign-on (SSO) for Prisma Access Agent, you can connect to the secure network automatically using your existing device credentials without entering separate login information. This seamless authentication leverages your operating system's built-in security features to provide convenient access while maintaining enterprise security policies.
After your administrator configures single sign-on integration on your device, Prisma Access Agent uses your device login credentials to automatically authenticate and connect to your organization's secure network. The agent operates silently once you complete your device login, maintaining your secure connection throughout your work session without requiring additional authentication steps from you.
Prisma Access Agent offers single sign-on capabilities for macOS and Windows devices by leveraging macOS Platform SSO and Windows Hello for Business, respectively.

Use Single Sign-On with macOS Platform SSO

Connect automatically to Prisma Access using your macOS login credentials including Touch ID, Face ID, or smart card with PIN without additional login prompts.
When Platform SSO is configured on your Mac, log into your device using your organization-provided credentials including your password, Touch ID, Face ID, or smart card with PIN. Prisma Access Agent automatically detects your login and begins the authentication process using your existing credentials without displaying browser windows or additional login prompts.
  1. Log into your Mac using your organization-provided credentials. This may include your password, Touch ID, Face ID, or smart card with PIN, depending on how your IT administrator has configured your device.
  2. When your administrator has pushed the Platform SSO profile to your macOS device, you will be notified to register with your identity provider (IdP). Click the notification to proceed.
  3. Continue in the Platform Single Sign-on Registration window.
  4. Enter your credentials to authenticate with your IdP.
  5. In the IdP login window, such as Microsoft Entra, enter the same credentials that you entered in the Platform SSO window and Sign in.
  6. If prompted, follow the instructions to approve the sign in request using your Authenticator app.
  7. When your registration is complete, Close the window.
    Once authentication completes successfully, you can access your organization's applications and resources through the secure network connection. The agent maintains this connection as long as you remain logged into your device.
    If you experience authentication issues, ensure that you have logged into your Mac using your organization-provided credentials and verify your network connection can communicate with your organization's authentication services. If authentication fails, the agent will prompt you to enter credentials manually as a fallback option.
  8. (Optional) Verify that SSO is enabled on your device.
    1. Go to System Settings > Users & Groups.
    2. Select the information icon for your user name and verify that there is a Platform Single Sign-on section showing the same IdP login information, login method, and status of the registration.

Use Single Sign-On with Windows Hello for Business

Connect automatically to Prisma Access Agent using Windows Hello credentials including facial recognition, fingerprint, PIN, or smart card without additional login prompts.
When Windows Hello for Business integration is configured on your Windows device, you can log in to your device using your Windows Hello credentials, and Prisma Access Agent will begin the authentication process using your credentials without displaying additional login prompts.
Before you begin, make sure that your Windows PC has joined Microsoft Entra ID.
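One way to confirm this prerequisite from a terminal is to read the output of the built-in Windows command `dsregcmd /status`. The script below is an added example, not part of the Palo Alto Networks documentation; its function names are hypothetical, and the embedded sample output is constructed so the script also runs on a machine without `dsregcmd`.

```python
import shutil
import subprocess

# Constructed sample of `dsregcmd /status` output (illustrative values only).
SAMPLE_STATUS = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
"""

# dsregcmd field -> what a YES value confirms for the sign-in flow on this page.
CHECKS = {
    "AzureAdJoined": "device is joined to Microsoft Entra ID",
    "NgcSet": "a Windows Hello key is set for the signed-in user",
}

def parse_status(text):
    """Return {field: value} for every 'Name : Value' line; banner lines are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" : ")
        if sep and name.strip().isidentifier():
            fields[name.strip()] = value.strip()
    return fields

def failed_prereqs(text):
    """List every check whose field is missing or not YES."""
    fields = parse_status(text)
    return [f"{name} = {fields.get(name, 'missing')}: expected YES ({meaning})"
            for name, meaning in CHECKS.items()
            if fields.get(name, "").upper() != "YES"]

def current_status():
    """Run dsregcmd on a Windows host; otherwise fall back to the constructed sample."""
    exe = shutil.which("dsregcmd")
    if exe is None:
        return SAMPLE_STATUS
    return subprocess.run([exe, "/status"], capture_output=True, text=True).stdout

if __name__ == "__main__":
    problems = failed_prereqs(current_status())
    print("\n".join(problems) if problems else "Entra ID join and Windows Hello key present")
```

Run it in the signed-in user's session, because `NgcSet` is reported per user rather than per device.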
  1. Log in to your device using facial recognition, fingerprint scanning, PIN, or smart card credentials.
    Prisma Access Agent automatically detects your login and begins the authentication process using your existing Windows Hello session.
    • Depending on your agent configuration, the Prisma Access Agent internal embedded browser or your default system browser will appear. The following image is an example of the embedded browser:
    • If your administrator configured the agent to use the embedded browser and chose to suppress it, the embedded browser will not appear.
  2. Once authentication completes successfully, you can access your organization's applications and resources through the secure network connection. The agent maintains this connection as long as you remain logged into your device.
    If you experience authentication issues, verify that your Windows Hello for Business setup is functioning properly and that your device can communicate with your organization's authentication services. If authentication fails, the agent will prompt you to enter credentials manually as a fallback option.
  3. Verify that SSO is working.
    You can go to the settings in the Prisma Access Agent app to view the user login information. Confirm that the user name is the same as what you used to log in to your PC.
    For example: