Secure Agentless Access
Secure Agentless Access provides secure, browser-based access to private apps, private
web applications, and public SaaS applications—without installing an agent on user
devices.
| Where Can I Use This? | What Do I Need? |
- Prisma Access (Managed by Panorama or Strata Cloud Manager)
|
|
Many enterprises own and manage essential infrastructure—desktops, servers, databases,
internal web applications, and SaaS services—that users need to access remotely. These
users often require access through protocols such as RDP and SSH, or through a web
browser for internal and cloud-hosted applications. However, in certain situations, these
users might not have access to corporate-managed devices, such as when using their own
devices (BYOD) or when working as third-party contractors. Despite this, they still need
secure and controlled remote access to perform their duties effectively.
Secure Agentless Access (SAA) (formerly known as Privileged Remote Access (PRA)) enables these users
to remotely access private apps through RDP, SSH, or VNC, private web applications
through a browser, and public SaaS applications through an isolated browser
session—without installing any additional software such as agents on their unmanaged
devices. All you have to do is enable and configure SAA within Prisma Access, and you can take advantage of the security capabilities provided by
Prisma Access to secure the SAA traffic between your users'
unmanaged devices and your private network.
SAA also provides
browser-based access to
private web applications hosted
on your internal network. Unmanaged users can securely reach internal HTTP and HTTPS
applications directly through any HTML5-compliant browser without installing an agent,
simplifying onboarding for contractors and BYOD users who need access to corporate web
resources. You can optionally enable Remote Browser Isolation (RBI) for private web
applications to add an additional layer of data protection—when isolation is enabled,
application content is rendered in a secure, cloud-hosted browser environment rather
than directly on the user's device, preventing sensitive corporate data from reaching
the unmanaged endpoint.
SAA provides secure access to
public web applications (SaaS apps) through
mandatory Remote Browser Isolation (RBI). Unlike private web applications where
isolation is optional, all public web application traffic from unmanaged users is
rendered through RBI by default and cannot be disabled. SaaS application content is
processed in a secure, cloud-hosted browser environment rather than directly on the
user's device, ensuring that sensitive enterprise data never reaches the unmanaged
endpoint.
SAA delivers the following key benefits:
- Secure, Clientless Access via HTML5—Users gain instant, secure access via any
standard, HTML5-compliant browser to private resources without any agent or browser
installation.
- Zero Trust Security—By keeping users off the corporate network and providing
granular, application-specific access, SAA reduces the internal
attack surface while leveraging Prisma Access for security.