Prisma Access Agent
Use Prisma Access Agent Pre-Logon
Table of Contents
Use Prisma Access Agent Pre-Logon
Pre-logon keeps your device securely connected to your work network, even before you
log in. It provides access for maintenance and transitions to full network access when you
log in.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The pre-logon feature for Prisma Access Agent offers a seamless and secure connection
experience throughout your device's operation cycle. When your device starts up, the
pre-logon mode automatically initializes and establishes a secure connection using
your device's machine certificate. This occurs before you reach the operating system
login screen, ensuring immediate network connectivity. On Windows machines, you will
see a tile at the login screen displaying the pre-logon tunnel status as Internal,
Connected, or Disconnected, providing clear visibility of your network status.
As you log in with your credentials, the pre-logon tunnel smoothly transitions to
your full user session. The Prisma Access Agent reauthenticates, granting broader
access rights based on your user profile. You don't need to manually establish a
connection—it's already set up for you. During your session, you have full access to
network resources as defined by your organization's policy rules, with the
connection remaining active to ensure consistent and secure access.
When you log out, your user-specific session ends, but the system automatically
re-establishes the pre-logon connection. This ensures your device maintains
essential network connectivity for system tasks even when you're not logged in. Each
subsequent login follows the same pattern, providing a consistent experience of
transitioning from pre-logon to full user access. This pre-logon feature enhances
your productivity by ensuring immediate and secure network access, simplifying the
login process, and maintaining essential connectivity at all times.
The Windows pre-logon process is different from the pre-logon for macOS. When your
device starts up, the pre-logon process on Windows will show you what happens during
a pre-logon connection. While on macOS, there are no visual cues related to the
pre-logon connection. You just need to sign in when prompted by the operating
system.
Before you can use pre-logon, your administrator must have configured pre-logon support for the Prisma
Access Agent.
To use pre-logon on a Windows device:
- If your device has never been enrolled, meaning that the Prisma Access Agent has never registered with the server, and never been configured on your device, do the following when your device starts up.
- Click the Sign-in options in the login screen, and click the Prisma Access Agent icon.The agent will use your device's machine certificate to authenticate with the server and establish a secure, pre-logon connection.Wait for the enrollment process to finish. This will register your device with the server and download the necessary configurations for the Prisma Access Agent to your device.At this point, the Prisma Access Agent will automatically authenticate and connect to the best available gateway.When the agent has connected to the gateway, enter your system password and press Enter.After you log in successfully, the pre-logon connection transitions to a full user session with potentially broader access rights, where you can access the resources in your network based on your organization's security policy rules.When you log out of the operating system, your user-specific session ends, but the system automatically re-establishes the pre-logon connection.If your device has previously been enrolled and you're just starting it up:
- The Prisma Access Agent will automatically authenticate and connect to the best available gateway as shown in the following image:When the agent has connected to the gateway, enter your system password and press Enter.After you log in successfully, the pre-logon connection transitions to a full user session with potentially broader access rights, where you can access the resources in your network based on your organization's security policy rules.When you log out of the operating system, your user-specific session ends, but the system automatically re-establishes the pre-logon connection.