Connect automatically to Prisma Access using your device credentials without
additional login prompts for seamless access to organizational resources.
| Where Can I Use This? | What Do I Need? |
|---|
When your organization has configured single sign-on (SSO) for Prisma Access Agent,
you can connect to the secure network automatically using your existing device
credentials without entering separate login information. This seamless
authentication leverages your operating system's built-in security features to
provide convenient access while maintaining enterprise security policies.
After your administrator configures single sign-on integration on your device, Prisma
Access Agent uses your device login credentials to automatically authenticate and
connect to your organization's secure network. The agent operates silently once you
complete your device login, maintaining your secure connection throughout your work
session without requiring additional authentication steps from you.
Prisma Access Agent offers single sign-on capabilities for macOS and Windows devices
by leveraging macOS Platform SSO and Windows Hello for Business, respectively.
Use Single Sign-On with macOS Platform SSO
Connect automatically to Prisma Access using you macOS login credentials including
Touch ID, Face ID, or smart card with PIN without additional login prompts.
When Platform SSO is configured on your Mac, log into your device using your
organization-provided credentials including your password, Touch ID, Face ID, or
smart card with PIN. Prisma Access Agent automatically detects your login and begins
the authentication process using your existing credentials without displaying
browser windows or additional login prompts.
Log into your Mac using your organization-provided credentials. This may
include your password, Touch ID, Face ID, or smart card with PIN, depending on
how your IT administrator has configured your device.
When your administrator has pushed the Platform SSO profile to you macOS
device, you will be notified to register with your identity provide (IdP). Click
the notification to proceed.
Continue in the Platform Single Sign-on Registration
window.
Enter your credentials to authenticate with your IdP.
In the IdP login window, such as Microsoft Entra, enter the same credentials
that you entered in the Platform SSO window and
Sign
in.
If prompted, follow the instructions to approve the sign in request using your
Authenticator app.
When your registration is complete,
Close the
window.
Once authentication completes successfully, you can access your
organization's applications and resources through the secure network
connection. The agent maintains this connection as long as you remain logged
into your device.
If you experience authentication issues, ensure that you have logged into
your Mac using your organization-provided credentials and verify your
network connection can communicate with your organization's authentication
services. If authentication fails, the agent will prompt you to enter
credentials manually as a fallback option.
(
Optional) Verify that SSO is enabled on your device.
Go to .
Select the information icon for you user name and verify that there is
a Platform Single Sign-on section showing the same IdP login
information, login method, and status of the registration.
-
Use Single Sign-On with Windows Hello for Business
Connect automatically to Prisma Access Agent using Windows Hello credentials
including facial recognition, fingerprint, PIN, or smart card without additional login
prompts.
When Windows Hello for Business integration is configured on your Windows device, you
can log in to your device using your Windows Hello credentials, and Prisma Access
Agent will begin the authentication process using your credentials without
displaying additional login prompts.
Before you begin, make sure that your Windows PC has joined Microsoft Entra ID.
Log in to your device using facial recognition, fingerprint scanning, PIN, or
smart card credentials.
Prisma Access Agent automatically detects your login and begins the
authentication process using your existing Windows Hello session.
Depending on your agent configuration, the Prisma Access Agent
internal embedded browser or your default system browser will
appear. The following image is an example of the embedded
browser:
If your administrator configured the agent to use the embedded
browser and chose to suppress it, the embedded browser will not
appear.
Once authentication completes successfully, you can access your organization's
applications and resources through the secure network connection. The agent
maintains this connection as long as you remain logged into your device.
If you experience authentication issues, verify that your Windows Hello for
Business setup is functioning properly and that your device can communicate
with your organization's authentication services. If authentication fails,
the agent will prompt you to enter credentials manually as a fallback
option.
Verify that SSO is working.
You can go to the
settings in the Prisma Access Agent
app to view the user login information. Confirm that the user name is the
same as what you used to log in to your PC.
For example:
