How Explicit Proxy Identifies Users

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Proxy Mode on Remote Networks

Explicit Proxy Forwarding Profiles

How Explicit Proxy Identifies Users

These are the ways that Prisma Access Explicit Proxy identifies users.

Where Can I Use This?	What Do I Need?
`Prisma Access (Managed by Strata Cloud Manager)` `Prisma Access (Managed by Panorama)`	`Prisma Access` license

Explicit Proxy identifies users in the Traffic logs dependent on how the users authenticate with the proxy, as shown in the following table.

Authentication Type	User Identification in Traffic Logs
Users who login using SAML authentication and decryption	The username.
Users who login from another proxy that uses X-Authenticated-User (XAU) headers	XAU header information. Explicit Proxy only allows traffic from specific IP addresses to use XAU for authentication. You create an address object and specify the IP addresses where you allow XAU for authentication; then, add the address object in the Trusted Source Address field during Explicit Proxy setup.
Authenticated cross-origin resource sharing (CORS) requests	The swg-authenticated-ip-user user. Some traffic comes from authenticated users whose browsers can't send cookies or perform authentication redirection, such as CORS requests. In such cases, Explicit Proxy adds the swg-authenticated-ip-user to the Traffic logs.
Undecrypted traffic (if you have allowed Explicit Proxy to allow undecrypted traffic from IP addresses where users have previously authenticated)	The swg-authenticated-ip-user user. You can specify Explicit Proxy to allow undecrypted traffic from IP addresses where users have authenticated; to do so, specify Decrypt traffic that matches existing decryption rules; for undecrypted traffic, allow traffic only from known IPs registered by authenticated users when you configure Explicit Proxy. In these configurations, Explicit Proxy adds the swg-authenticated-ip-user to the Traffic logs.
Traffic for domains for which you’ve chosen to bypass authentication	The swg-known-auth-bypass user. When you set up Explicit Proxy, you can choose to bypass authentication from specific domains. The username for traffic from these domains will appear in the logs as swg-known-auth-bypass.

Proxy Mode on Remote Networks

Explicit Proxy Forwarding Profiles

Prisma Access Docs

How Explicit Proxy Identifies Users

Prisma Access Docs

How Explicit Proxy Identifies Users

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner