Prisma Access Browser
The Prisma Access Browser Extension
Table of Contents
Expand All
|
Collapse All
Prisma Access Browser Docs
The Prisma Access Browser Extension
The Prisma Access Browser Extension is a tool that allows organizations to apply some of
the Prisma Access Secure Enterprise Browser functionality without installing the full browser.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The Prisma Access Browser Extension is a tool that you can install on commercial browsers
such as Google Chrome and Microsoft Edge browsers, running on Windows, macOS, and
ChromeOS Operating Systems
IT and security teams can enhance organizational security by implementing Prisma Access Browser with a hybrid strategy, using the Prisma Access Browser Extension to
bridge current browsing practices with advanced protections. This approach enables
employees to continue using familiar browsers while administrators gain greater
visibility and control over all browsers across the enterprise.
The extension actively monitors user activity on commercial browsers, helping
to mitigate Shadow IT risks and providing real-time phishing protection. By centralizing
visibility and allowing consistent enforcement of security policies, the Prisma Access Browser Extension integrates smoothly with existing tools while guiding users
to the enterprise browser when accessing sensitive applications.
Designed as a foundational layer in a phased deployment, the Prisma Access Browser
Extension supports a secure transition toward full adoption of the Prisma Access Browser.
For scenarios requiring heightened protection, such as critical applications or
high-risk users, a full enterprise browser deployment offers unparalleled control and
functionality, setting a gold standard for security. This hybrid solution thus delivers
immediate security benefits while preparing organizations for comprehensive,
enterprise-grade browser security.
Deploy the Prisma Access Browser Extension
The Prisma Access Browser Extension can be installed on chromium-based
browsers (Chrome, Edge, Arc, Brave), running on Windows, macOS, and ChromeOS
Operating System.
The extension deployment is based on the operating system, the IdP, and the
browser type. Currently, Okta, Azure, and Google are the supported IdP applications.
For more information regarding Prisma Access Browser Extension Deployment,
see Deploy the Prisma Access Browser Extension.
Prisma Access Browser Extension Login Enforcement
Currently, the Prisma Access Browser Extension utilizes an automatic login
feature that detects the user names from the most recent login to a web Identity
Provider (IdP) application before applying Prisma Access Browser Extension policies. In
some cases, the user name may not be recognized, preventing the Browser Extension
from logging in and enforcing the admin policy. This occurs mainly in cases where
the user has not yet logged into any IdP applications on their browser.
To avoid situations like this, the Prisma Access Browser Extension includes a
feature that you can configure that requires logging into the Prisma Access Browser
Extension before accessing specified sites. This prevents users from bypassing the
administrative policies by using applications without the proper login.
To configure the Login Enforcement Policy, follow the procedures for
creating a new Data Control rule. Take note of
the following requirements:
- In the Scope section, select the user Anonymous PABX. When you select the Anonymous PABX user, several sections in the Add rule wizard will be unavailable. Some of the options in the available sections will also be unavailable.
- In the Destinations section, configure the applications and URLs that users will be allowed to access without being logged in to the IdP.
- In the Web Access section, select Allow. Now you will create the second part of the Login Enforcement:
- In the Scope section, select the user Anonymous PABX.
- In the Destinations section, configure the applications and URLs that users will be not be allowed to access without being logged in to the IdP.
- In the Web Access section, select Block
Please do not block the IdP URLs in the Web
application step. This will prevent users from logging into the Prisma Access Browser
Extension.
Prisma Access Browser Extension Posture Attributes
The Prisma Access Browser Extension allows you to configure the posture requirements for
your devices running the Prisma Access Browser Extension in the same way that it
configures posture for your desktop and laptop devices running the Prisma Access Browser.
For more information on the available Posture attributes, refer to Configure Prisma Access Browser Extension Posture Attributes.
Prisma Access Browser Extension Policy
Access & Data Control Rules
Features of supported Access & Data Control policies are supported for
devices running the Prisma Access Browser Extension. The following exceptions
should be noted:
- The Set dialog text feature, that permits you to customize your own text for a particular feature, is supported for the extension.
- Note the following feature functionality in the Web Access section:
- Prompt options:
- Permission request - Acts as Block.
- Warn and allow to proceed anyway - Supported.
- Warn and allow to proceed anyway with reason - Supported.
- Require MFA - Not supported.
- Pick A Label - Not supported (skipped).
- Enforce Prisma Access Browser Extension traffic redirection to Prisma Access Browser allows you to redirect users to the Prisma Access Browser when accessing web applications. The Allow/Prompt/Block settings will still be enforced, regardless.
- Prompt options:
- Login restrictions - Not supported (skipped).
- When contains... - Not supported (skipped).
Data Controls - Data Leak Prevention
You need to be aware of the differences
between the Prisma Access Browser and the Prisma Access Browser Extension policies.
File Download
For more information, see File Download.
File Download control provides multiple capabilities related to
downloading files from websites that match a specified URL, application or
website classification.
To set the File Download control:
- Allow - the Prisma Access Browser Extension will allow all downloads.
- Allow (Protected)) - Will be treated as Block.
- Block - The Prisma Access Browser Extension will block all downloads.
- Apply on:- Select between one of the following options:
- Any file - the download restrictions will apply to all files.
- Specific files- the download restrictions will apply to files
that meet the selected specifications (the rule can contain as many
of these specifications as needed):
- File size - set the size of the file.
- File types - set the file types that need to match this rule.
- File hash - Not supported.
- MIP label - Not supported.
- Prompt- when there is a restriction, select between one of
the following options:
- None - there will be no prompts.
- Before download - Not supported; treated as Block.
- Require MFA - Not supported.
File Upload
For more information, see File Upload.
File Download control provides multiple capabilities related to
downloading files from websites that match a specified URL, application or
website classification.
To set the File Download control:
- Allow - the Prisma Access Browser Extension will allow all downloads.
- Allow protected files only between the rule’s web applications) - Treated as Block.
- Allow only non-protected files - Treated as Block.
- Block - The Prisma Access Browser Extension will block all downloads.
- Apply on:- Select between one of the following options:
- Any file - the download restrictions will apply to all files.
- Specific files- the download restrictions will apply to files
that meet the selected specifications (the rule can contain as many
of these specifications as needed):
- File size - set the size of the file.
- File types - set the file types that need to match this rule.
- File hash - Not supported.
- MIP label - Not supported.
- Prompt- when there is a restriction, select between one of
the following options:
- None - there will be no prompts.
- Before Upload - Not supported; treated as Block.
- Require MFA - Not supported.
Clipboard - Only works for
visibility in the selected Scope
Browser Security - Extensions
The following policies are supported:
Browser Customization - Branding
The following policies are supported: