Prisma Access Agent
Use the Prisma Access Agent App (Managed Devices)
Table of Contents
Use the Prisma Access Agent App (Managed Devices)
Use the Prisma Access Agent App Managed Devices for Android Endpoints.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
If your Android endpoint is managed by a mobile device management (MDM) system, your
administrator may have automatically pushed the Prisma Access Agent to your endpoint
and configured the agent.
- Open the Prisma Access Agent app by tapping the PA Agent icon.The agent will connect based on the connect method configured by your Prisma Access Agent administrator. The Prisma Access Agent supports the following connect methods:
- Always-OnIn an Always-On configuration, Prisma Access Agent automatically connects as soon as end users log in. You can optionally enable Lockdown Mode to enforce all network traffic through the Prisma Access Agent and block traffic that does not go through the Prisma Access Agent.
- On-DemandIn an on-demand configuration, end users must manually connect Prisma Access Agent through the application. Traffic is routed through the Prisma Access Agent app only after the end users initiate and establish the connection.
- Per-AppIn a per-app configuration, you can specify the managed apps that can route traffic through Prisma Access Agent when connected. If using an allowlist, only the specified apps will be routed through Prisma Access Agent. If using a blocklist, all traffic will be routed through Prisma Access Agent except for the specified apps.
If your agent is always-on, you'll receive a notification to authenticate with your identity provider.- Tap the notification to proceed.Enter your organization credentials to authenticate to the app:
![]()
If your agent is on-demand, manually connect to the agent.- Connect by clicking the lock icon.
![]()
Enter your organization credentials to authenticate to the app:![]()
After authentication is complete, the connection is established and the app displays the status as Connected.![]()
For Prisma Access Agents agents with on-demand or per-app configurations, tap Disconnect on the app when you no longer need to access resources through the Prisma Access Agent.For Prisma Access Agents with always-on configurations, you won't be able to disconnect the agent due to your organization's IT policy.If you connect to a network that requires captive portal authentication, such as public Wi-Fi at hotels, cafes, or airports, you will receive a notification.- Tap on the notification to proceed.The captive portal login page will appear in the embedded browser. Enter your credentials or accept the terms of service as required by the network provider.
