Configure Privileged Remote Access Settings

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Activation & Onboarding
Administration
Version
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
Integrations
Incidents & Alerts

Privileged Remote Access

Set Up the Privileged Remote Access Portal

Configure Privileged Remote Access Settings

Learn how to set up general Privileged Remote Access settings such as enabling PRA and selecting the Cloud Identity Engine directory and authentication profile.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama or Strata Cloud Manager)	Prisma Access 5.2.1 Minimum Prisma Access dataplane version: 11.2.4 Prisma Access license with a Mobile User subscription Privileged Remote Access add-on license

To begin to onboard your users for Privileged Remote Access (PRA), you need to configure general PRA settings such as enabling PRA and selecting the Cloud Identity Engine directory and authentication profile to use with PRA.

Before you configure the PRA settings, be sure to complete the following prerequisites:

Create your first tenant and activate the Cloud Identity Engine.
Review the Cloud Identity Engine directory and authentication profile settings. You can use existing Cloud Identity Engine configurations for directory and authentication profiles. PRA supports only SAML 2.0 authentication with the Cloud Identity Engine.
Make sure that you have a DNS server accessible via the Service Connection that can resolve the hostnames of the RDP, SSH, and VNC apps.
Configure at least one GlobalProtect Mobile User connection method, and select at least one Prisma Access location to support mobile users.
Activate the add-on license for PRA by clicking the activation link in the email you received from Palo Alto Networks.

To configure PRA settings:

Navigate to the PRA Overview page.
- For Strata Cloud Manager Managed Prisma Access:
  1. Log in to Strata Cloud Manager as the administrator.
  2. Select WorkflowsPrivileged Remote AccessPRA Overview.
- For Prisma Access (Managed by Panorama):
  1. Launch Privileged Remote Access from the Cloud Services plugin on Panorama by selecting PanoramaCloud ServicesPrivileged Remote Access.
  2. Click Get Started.
Edit the PRA settings.

The PRA Overview page shows the status of your PRA deployment, such as the Cloud Identity Engine directory and authentication profile settings, the regional endpoint for your Cloud Identity Engine instance, and the locations where PRA will be deployed.
Enable PRA by enabling Enable/Disable Privileged Remote Access.
Set up user authentication for Privileged Remote Access (PRA) so that only authorized users can remotely log in to the PRA to access their apps. PRA works with the Cloud Identity Engine to authenticate users using identity providers like the Active Directory (AD) service and to retrieve the user-group mapping from the AD service.
1. Select the CIE Directory from which to retrieve the user-group mapping.
2. Select a CIE Authentication Profile, which is the SAML authentication profile that validates the login credentials of end users who access PRA.
Save your settings.