Integrate Third-Party Enterprise Browser with Explicit Proxy
Focus
Focus
Prisma Access

Integrate Third-Party Enterprise Browser with Explicit Proxy

Table of Contents

Integrate Third-Party Enterprise Browser with Explicit Proxy

Learn how to integrate a third-party browser with Prisma Access Explicit Proxy.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access license (Minimum Prisma Access version of 5.2.0, Cloud Services plugin version of 5.2, and dataplane of 10.2.4 is required)
End users who use the Prisma Access browser can access both SaaS and private web applications using a secure, authenticated, and encrypted channel. Prisma Access ensures that a user is authenticated and authorized before they get access to any application.
Prisma Access extends this support to third-party enterprise browsers, allowing Explicit Proxy users to securely authenticate and be authorized to access private and SaaS applications using the same security, encryption, and authentication methods.
Prerequisites and Known Limitations
  • Make sure you have deployed Explicit Proxy.
  • Disable GlobalProtect if it's enabled.
  • You can use Prisma Access Browser with a third-party browser; however, you can't use multiple third-party browsers at the same time.
  • Private application access solution through Prisma Access explicit proxy only supports Prisma Access Browser with one additional third-party explicit proxy. Currently, you cannot use multiple third-party explicit proxies with this solution.
  • Any advanced settings configured for existing Explicit Proxy customers are applied to all third-party browsers to Explicit Proxy public or private app access traffic.
Configure a Third-Party Enterprise Browser
To integrate a third-party enterprise browser with Prisma Access, allowing users to securely access applications from that browser, complete the following steps:
  1. Enable third-party enterprise browser integration with Prisma Access.
    1. Log in to Strata Cloud Manager.
    2. Go to WorkflowsIntegrationsPrisma Access and click the settings icon under Third Party Enterprise Browser.
    3. On the settings page, enable Third Party Enterprise Browser Integration.
    4. Under Import Certificate File, select Browse to upload the public certificate, and Save.
      You must get the public key from your third-party enterprise browser.
      All certificate expiration notifications are managed in the third-party enterprise browser as it manages the certificate lifecycle.
    5. Push Config to push the Third Party Enterprise Browser Integration configuration to the Prisma Access Explicit Proxy.
  2. Configure Prisma Access Explicit Proxy integration on the third-party enterprise browser:
    1. On your third-party enterprise browser, enable Palo Alto Explicit Proxy integration.
    2. Add the public key provided to integrate the Palo Alto Strata Cloud Manager.
    3. Configure the encoded tenant ID provided when you configure Third Party Integration for the Palo Alto Networks Strata Cloud Manager.
    4. Configure Explicit Proxy FQDN.
When the configuration is setup successfully, you can see the Integration as enabled and Certificate as Valid under Third Party Enterprise Browser.