Use Privileged Remote Access

Learn how your users can access and use the Privileged Remote Access portal.
Where Can I Use This?
  • Privileged Remote Access (PRA) portal
What Do I Need?
  • A web browser that supports HTML5
  • PRA credentials
Your users will log in to the Privileged Remote Access (PRA) portal to access their PRA apps. You will need to send the PRA portal URL to your users. You can obtain the portal URL from the PRA Portal page.
PRA automatically creates the portal when you enable PRA and configure the portal domain name (either a subdomain or a custom domain). All activities performed in the PRA portal take place after the user authenticates and logs in to the portal. For authentication, PRA uses the Cloud Identity Engine.
Your user can perform the following actions in the PRA portal:
  • Log in to the PRA portal—To access the PRA portal, your end users must access the portal URL that you sent to them. Whenever they visit the PRA portal, they are first authenticated using the Cloud Identity Engine.
    The following is the login sequence that takes place:
    1. The user visits the portal by entering the portal URL in their web browser. For example: example.panwpra.com
    2. The users are authenticated using the Cloud Identity Engine.
  • View active connections—The user can view the list of apps they are actively connected to. They can view the following data:
    • Connection Name—The name of the app they are connected to
    • App Type—The connection protocol used (RDP, SSH, or VNC)
    • Started At—When they last connected to the app
    • Last Active—Whether the connection is still active by showing when they last interacted with the app
    • User Agent—The browser used to access the app
  • Access an app from the Admin-Defined Apps or User-Defined Apps sections—The user can select Actions next to the app that they want to connect to.
    The app appears in a separate window that your user can interact with. If you did not add the app with login credentials for the target machine, the user will be prompted to enter their credentials.
  • Disconnect an app connection—The user can click Disconnect in a connected app window, or select an active connection from the PRA portal and click Delete Selected.
  • Manually add an app—If you allow user-defined apps, the user can manually add an app.
  • Transfer files—If the associated PRA profile allows, the user can upload or download files from the remote app.
  • Log out—The user can log out of the PRA portal by clicking the user icon and selecting Log out.

Add a User-Defined App

If you allow user-defined apps when you set up the Privileged Remote Access (PRA) portal, the users can manually add an app in the portal.
User-defined apps are not visible to other users. PRA automatically applies the default profile for user-defined apps.
To manually define an app from the PRA portal, the user needs to:
  1. Click Add App in the User-Defined Apps section.
  2. Enter the general details for the app:
    1. Select the App Type for the app (RDP, SSH, or VNC).
    2. Enter the App Name and an App Description.
    3. Enter the Destination FQDN or IP Address and Port for the app (if not using the default port).
  3. (Optional) Configure authentication settings for the app. The authentication settings depend on the app type.
    • For RDP apps:
      Enter the User Name and Password for the remote app, and confirm the password. The username and password are optional, but both must be provided or both must be empty.
    • For SSH apps:
      1. Enter the User Name and Password for the remote app, and confirm the password.
      2. (Optional) Enter the Private Key. If the private key is encrypted, enter the Passphrase.
      3. (Optional) Enter the Host Key entries for the remote host, which users can obtain from the ssh-keyscan command on the host. Enter one key per line. Lines that begin with # are comments.
    • For VNC apps:
      1. (Optional) Enter the User Name and Password for the remote app, and confirm the password. The username and password are optional, but both must be provided or both must be empty.
      2. (Optional) Select Enable File Transfer to allow the upload and download of files using SFTP (SSH File Transfer Protocol).
        1. Enter the SFTP Username and SFTP Password. If no password is used, provide the SFTP private key.
        2. Enter the SFTP Port to use for file transfers. The range is 0-64435.
        3. Enter the SFTP Private Key if not using the SFTP password.
        4. If the SFTP private key is encrypted, enter the SFTP Passphrase.
        5. (Optional) Enter the SFTP Host Key.
  4. To save the app settings, click Create Custom App.
    The users can bookmark an administrator-created app or user-created app and launch them later by clicking on the link in the bookmark.
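
The Host Key step above takes ssh-keyscan output, which is collected without authenticating the host, so each entry should be compared with a fingerprint confirmed out-of-band before it is pasted in. The following is an added example, not part of the PRA documentation or product: it assumes the entries use the `host keytype base64-key` line format that ssh-keyscan prints, and the function names, host name, and sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def sample_blob():
    # Constructed ed25519 key blob with dummy bytes (not a real host key).
    name, key = b"ssh-ed25519", bytes(range(32))
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key

B64 = base64.b64encode(sample_blob()).decode()
SAMPLE_ENTRIES = (                            # constructed input, not real scan output
    "# constructed ssh-keyscan style output\n"
    f"host.example ssh-ed25519 {B64}\n"
    f"host.example ssh-rsa {B64}\n"           # declared type does not match the blob
    "host.example ssh-ed25519 not*base64\n"   # key damaged when copied
)

def fingerprint(blob):
    # Same form ssh-keygen -l prints: base64 of the SHA-256 digest, unpadded.
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_host_keys(text):
    """Return (accepted, rejected) for host key entries, one per line."""
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and # comments are skipped
            continue
        try:
            host, keytype, b64 = line.split()[:3]
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])       # length of the embedded type name
            embedded = blob[4:4 + n].decode("ascii")
        except (ValueError, struct.error):
            rejected.append((lineno, "not a 'host keytype base64-key' entry"))
            continue
        if embedded != keytype:
            rejected.append((lineno, f"declared {keytype}, blob contains {embedded}"))
            continue
        accepted.append((host, keytype, fingerprint(blob)))
    return accepted, rejected

def check_against(text, trusted_fingerprints):
    """Keep only entries whose fingerprint was confirmed out-of-band."""
    accepted, _ = parse_host_keys(text)
    return [entry for entry in accepted if entry[2] in trusted_fingerprints]
```

The trusted fingerprints would come from the server's administrator or from running `ssh-keygen -lf` on the host's own public key file, not from the same network scan.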

Transfer Files in the Privileged Remote Access App

If the associated Privileged Remote Access (PRA) profile allows, the user can upload or download files while they are connected to a remote app.
For an admin-defined VNC app, you must enable file transfer when you add the VNC app for . For a user-defined VNC app, the user must enable file transfer when they manually add the VNC app.
To manually transfer files from a PRA app, the user needs to:
  1. Log in to the PRA portal.
  2. Launch an admin- or user-defined app to which they want to transfer files.
  3. From the remote app window, click Transfer Files.
  4. To upload files from the user's local machine to the remote app:
    In the File Upload section, Browse to the file you want to upload, select the file, and click Open. Alternatively, the user can drag and drop a file to the File Upload box. The maximum file size for an upload is 100 MB.
    On a macOS or Linux remote desktop, the file is transferred to the user's home directory on the remote machine.
    On a Windows remote desktop, the file is transferred to a folder such as This PC > Transient Drive on PRA.
  5. To download a file from the remote app to the user's local machine:
    • On a macOS or Linux remote app:
      Enter the Absolute File Path and click Download.
      The file is downloaded to the Downloads location in the user's home directory on the local machine.
    • On a Windows remote desktop:
      Just select the file from the Windows remote desktop and drag the file to a location (such as the Downloads folder) on the user's local machine.