Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Select a Document
- 6.1 Preferred and Innovation
- 6.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
Activation & Onboarding
Administration
Select a Document
- 4.0 & Later
- Prisma Access China
Integrations
Incidents & Alerts

Focus

Prisma Access

Configure Explicit Proxy with SAML (Panorama)

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Select a Document
- 6.1 Preferred and Innovation
- 6.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
Activation & Onboarding
Administration
Select a Document
- 4.0 & Later
- Prisma Access China
Integrations
Incidents & Alerts

Configure Explicit Proxy with SAML (Panorama)

This is how you configure Prisma Access Explicit Proxy with SAML on Panorama.

Set up Explicit Proxy.
(Optional) Configure Cloud Identity Engine authentication for Explicit Proxy.

Depending on your Prisma Access version and your dataplane version, configure either a single policy rule or several.

Version Requirements	Configuration
Prisma Access 5.1 or a later version and a dataplane of PAN-OS 10.2.10 or a later version.	Configure a security policy rule for pre-authentication user traffic. Select the Explicit_Proxy_Device_Group. Create an application filter using the Web App tag. Select PoliciesPre RulesAdd. Create the rule. Add the rule. Give it a descriptive name. For example, allow-pre-auth Under the Application tab, Add the Web App application filter. Under the Source tab, Add known-user.
All other Prisma Access and dataplane versions.	Configure security policy rules according to your needs and internet gateway security policy best practices.

Commit the configuration.