You can enable browser logins using local Windows accounts linked to Active
Directory.
You need to set a local registry key on managed devices to configure this
feature. The key is
reg add "HKLM\Software\Policies\Palo Alto Networks\PrismaAccessBrowser" /v
ForceEnableMsSSO /t REG_DWORD /d 1 /f
Using this, your users only need to enter their username (e.g.,
richarddorlinger@example.com). When they log in, their credentials are authenticated
against the local machine. This ensures that the enter username matches the locally
logged-in user.
Automatic Web Application Sign-In Using Microsoft Entra ID
You can leverage Prisma Access Browser’s capabilities to enable
seamless authentication during Microsoft SSO flows for web applications.
How It Works:
Enable the Microsoft SSO control when you create a Browser
Customization rule. From Strata Cloud Manager, select Configuration>Prisma Access Browser>
Policy>Profiles>Browser Customization, and select
Microsoft Auto-SSO.
Once this is done, your users will be able to navigate to web
applications and experience automatic sign-in using Microsoft SSO, authenticated
via corporate Active Directory connections.
Support for Microsoft Entra on macOS Devices
Prisma Browser now supports Microsoft Enterprise SSO plug-in for Apple
devices. This allows users to seamlessly authenticate to Microsoft Entra web
apps.
What you need to do:
- Deploy and configure the Enterprise Single Sign On plug-in for Apple
configured on macOs devices. The information can be found on the Microsoft Entra site.
- Make sure that the device is enrolled and has the Intune Company Portal,
version 5.2504.0 or higher.
- Make sure that the minimum Prisma Browser version is
136.
