Use Prisma Access Agent Pre-Logon

Pre-logon keeps your device securely connected to your work network, even before you log in. It provides access for maintenance and transitions to full network access when you log in.
Where Can I Use This? What Do I Need?
  • Prisma Access Agent
  • Minimum Prisma Access Agent version: 25.1.14
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Internet access
The pre-logon feature for Prisma Access Agent offers a seamless and secure connection experience throughout your device's operation cycle. When your device starts up, the pre-logon mode automatically initializes and establishes a secure connection using your device's machine certificate. This occurs before you reach the operating system login screen, ensuring immediate network connectivity. On Windows machines, you will see a tile at the login screen displaying the pre-logon tunnel status as Internal, Connected, or Disconnected, providing clear visibility of your network status.
As you log in with your credentials, the pre-logon tunnel smoothly transitions to your full user session. The Prisma Access Agent reauthenticates, granting broader access rights based on your user profile. You don't need to manually establish a connection—it's already set up for you. During your session, you have full access to network resources as defined by your organization's policy rules, with the connection remaining active to ensure consistent and secure access.
When you log out, your user-specific session ends, but the system automatically re-establishes the pre-logon connection. This ensures your device maintains essential network connectivity for system tasks even when you're not logged in. Each subsequent login follows the same pattern, providing a consistent experience of transitioning from pre-logon to full user access. This pre-logon feature enhances your productivity by ensuring immediate and secure network access, simplifying the login process, and maintaining essential connectivity at all times.
The pre-logon process on Windows differs from the one on macOS. When a Windows device starts up, the login screen shows you what happens during the pre-logon connection. On macOS, there are no visual cues related to the pre-logon connection; you just need to sign in when prompted by the operating system.
Before you can use pre-logon, your administrator must have configured pre-logon support for the Prisma Access Agent.
To use pre-logon on a Windows device:
  • If your device has never been enrolled, meaning that the Prisma Access Agent has never registered with the server and has never been configured on your device, do the following when your device starts up:
    1. Click Sign-in options on the login screen, then click the Prisma Access Agent icon.
      The agent will use your device's machine certificate to authenticate with the server and establish a secure, pre-logon connection.
    2. Wait for the enrollment process to finish. This will register your device with the server and download the necessary configurations for the Prisma Access Agent to your device.
    3. At this point, the Prisma Access Agent will automatically authenticate and connect to the best available gateway.
    4. When the agent has connected to the gateway, enter your system password and press Enter.
    5. After you log in successfully, the pre-logon connection transitions to a full user session with potentially broader access rights, where you can access the resources in your network based on your organization's security policy rules.
    6. When you log out of the operating system, your user-specific session ends, but the system automatically re-establishes the pre-logon connection.
  • If your device has previously been enrolled and you're just starting it up:
    1. The Prisma Access Agent will automatically authenticate and connect to the best available gateway.
    2. When the agent has connected to the gateway, enter your system password and press Enter.
    3. After you log in successfully, the pre-logon connection transitions to a full user session with potentially broader access rights, where you can access the resources in your network based on your organization's security policy rules.
    4. When you log out of the operating system, your user-specific session ends, but the system automatically re-establishes the pre-logon connection.