Focus
Prisma Access

Secure Agentless Access

Table of Contents

Secure Agentless Access

Secure Agentless Access provides secure, browser-based access to private apps, private web applications, and public SaaS applications—without installing an agent on user devices.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access 5.2.1
  • Minimum Prisma Access dataplane version: 11.2.4
  • Prisma Access license with a Mobile User subscription
  • Remote Browser Isolation (RBI) license for data controls for SaaS applications
  • Secure Agentless Access add-on license for RDP/SSH/VNC apps
Many enterprises own and manage essential infrastructure—desktops, servers, databases, internal web applications, and SaaS services—that users need to access remotely. These users often require access through protocols such as RDP and SSH, or through a web browser for internal and cloud-hosted applications. However, in certain situations, these users might not have access to corporate-managed devices, such as when using their own devices (BYOD) or when working as third-party contractors. Despite this, they still need secure and controlled remote access to perform their duties effectively.
Secure Agentless Access (SAA) (formerly known as Privileged Remote Access (PRA)) enables these users to remotely access private apps through RDP, SSH, or VNC, private web applications through a browser, and public SaaS applications through an isolated browser session—without installing any additional software such as agents on their unmanaged devices. All you have to do is enable and configure SAA within Prisma Access, and you can take advantage of the security capabilities provided by Prisma Access to secure the SAA traffic between your users' unmanaged devices and your private network.
SAA also provides browser-based access to private web applications hosted on your internal network. Unmanaged users can securely reach internal HTTP and HTTPS applications directly through any HTML5-compliant browser without installing an agent, simplifying onboarding for contractors and BYOD users who need access to corporate web resources. You can optionally enable Remote Browser Isolation (RBI) for private web applications to add an additional layer of data protection—when isolation is enabled, application content is rendered in a secure, cloud-hosted browser environment rather than directly on the user's device, preventing sensitive corporate data from reaching the unmanaged endpoint.
SAA provides secure access to public web applications (SaaS apps) through mandatory Remote Browser Isolation (RBI). Unlike private web applications where isolation is optional, all public web application traffic from unmanaged users is rendered through RBI by default and cannot be disabled. SaaS application content is processed in a secure, cloud-hosted browser environment rather than directly on the user's device, ensuring that sensitive enterprise data never reaches the unmanaged endpoint.
SAA delivers the following key benefits:
  • Secure, Clientless Access via HTML5—Users gain instant, secure access via any standard, HTML5-compliant browser to private resources without any agent or browser installation.
  • Zero Trust Security—By keeping users off the corporate network and providing granular, application-specific access, SAA reduces the internal attack surface while leveraging Prisma Access for security.