Focus

Prisma Access

Set Up Secure Agentless Access Profiles

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Select a Document
- 6.1 Preferred and Innovation
- 6.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
Activation & Onboarding
Administration
Select a Document
- 4.0 & Later
- Prisma Access China
Integrations
Incidents & Alerts

Set Up Application Groups for Secure Agentless Access

Define Permissions for Accessing Secure Agentless Access Apps

Set Up Secure Agentless Access Profiles

Create Secure Agentless Access profiles that define what capabilities should be enabled when the user is accessing an app from the SAA portal.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama or Strata Cloud Manager)	Prisma Access 5.2.1 Minimum Prisma Access dataplane version: 11.2.4 Prisma Access license with a Mobile User subscription Secure Agentless Access add-on license

After you configured the apps your users can access from the Secure Agentless Access (SAA) portal, set up profiles that define the actions your users can perform when they access an app, such as copying, pasting, downloading, and uploading content.

You can define different actions depending on the type of protocol that is used to access an app.

For example, you can disable the copy and paste functions for RDP apps for a particular profile. When you associate this profile later with a SAA portal policy, the policy will automatically enable only the capabilities defined in the profile.

To set up a SAA profile:

Navigate to the SAA Profiles page.
- For Prisma Access (Managed by Strata Cloud Manager):
  1. Log in to Strata Cloud Manager as the administrator.
  2. Select ConfigurationSecure Agentless AccessProfiles.
- For Prisma Access (Managed by Panorama):
  1. Launch Secure Agentless Access from the Cloud Services plugin on Panorama by selecting PanoramaCloud ServicesSecure Agentless Access.
  2. Click Get Started.
  3. Select ConfigurationSecure Agentless AccessProfiles.
You can view the list of profiles on the SAA Profiles table. By default, SAA provides a read-only profile (Default SAA Profile) that defines the actions a user can perform when using any apps that are defined in a SAA policy or any user-defined RDP, SSH, or VNC apps that you don't manage.
To create a new profile, click Add Profile.
Enter a Name for the profile and optionally provide a Description (Optional).
Select the actions that your users can take when accessing an app in a SAA session. You can set controls for RDP, SSH, or VNC sessions.
- RDP PROFILE—Set the following functions to Enabled or Disabled:
  - Copy—Copies content from the remote app or the user's local machine. (Default: Enabled)
  - Paste—Pastes content copied from the remote app to the local machine, or pastes content copied from the local machine to the remote app. (Default: Enabled)
  - File Upload—Uploads files from the local machine to the remote application. The maximum permitted file size is 100 MB. (Default: Disabled)
  - File Download—Downloads files from the remote application to the local machine. The maximum permitted file size is 100 MB. (Default: Disabled)
  - Audio Passthrough—Enables users to hear audio from the remote app on their device. If you disable this setting, no audio from the remote app is transmitted to the user's device. Applies only to RDP apps. (Default: Disabled)
- SSH PROFILE—Set the following functions to Enabled or Disabled:
  - Copy—Copies content from the remote app or the user's local machine. (Default: Enabled)
  - Paste—Pastes content copied from the remote app to the local machine, or pastes content copied from the local machine to the remote app. (Default: Enabled)
  - File Upload—Uploads files from the local machine to the remote application. The maximum permitted file size is 100 MB. (Default: Disabled)
  - File Download—Downloads files from the remote application to the local machine. The maximum permitted file size is 100 MB. (Default: Disabled)
- VNC PROFILE—Set the following functions to Enabled or Disabled:
  - Copy—Copies content from the remote app or the user's local machine. (Default: Enabled)
  - Paste—Pastes content copied from the remote app to the local machine, or pastes content copied from the local machine to the remote app. (Default: Enabled)
  - File Upload—Uploads files from the local machine to the remote application. The maximum permitted file size is 100 MB. (Default: Disabled)
  - File Download—Downloads files from the remote application to the local machine. The maximum permitted file size is 100 MB. (Default: Disabled)
(Optional) If you need to restore the SAA profile to its initial settings, Reset it.
Save your profile settings. Your profile is saved to the SAA Profiles table.

Set Up Application Groups for Secure Agentless Access

Define Permissions for Accessing Secure Agentless Access Apps

Prisma Access Docs

Set Up Secure Agentless Access Profiles

Prisma Access Docs

Set Up Secure Agentless Access Profiles

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner