>
    The Prisma Access Browser Enterprise Password Manager
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Browser
    3. Prisma Access Browser Administration
    4. The Prisma Access Browser Enterprise Password Manager
    Download PDF
    Prisma Access Browser

    The Prisma Access Browser Enterprise Password Manager

    Table of Contents

    The Prisma Access Browser Enterprise Password Manager

    The information that everyone needs about the browser.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Prisma Access Browser standalone
    • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
    • Superuser or Prisma Access Browser role
    Password-related breaches remain a major risk in enterprise environments. The Prisma® Access Browser introduces centralized password management to enforce secure handling of credentials.
    Built-in browser managers lack enterprise features like policy rule controls, access management, encryption, and audit logging. Extensions add functionality but increase the attack surface and are vulnerable to user tampering.
    Integrating password management with existing identity and access systems adds complexity and cost. As a result, many organizations avoid standardization, leading to insecure practices such as password reuse, and unauthorized credential sharing.

    The Prisma Access Browser Enterprise Password Manager

    To address these challenges, we developed the Enterprise Password Manager as a first-party solution, purpose-built to meet the needs, and tightly integrated with Prisma® Access Browser. The solution supports complex enterprise requirements by enabling robust security controls, seamless policy rule enforcement, and a streamlined user experience.

    Key Features

    Password Manager - User Guide

    Click here to go directly to the Admin Guide.

    Password Manager Inventory

    The Password Manager in Prisma Access Browser enables users to securely store, manage, and use credentials for applications not integrated with the organization's identity provider.
    The main page of the Password Manager is the Inventory page, where you can manage, create, edit, or remove logins.
    You can open the inventory in the following ways:
    • Click the Prisma Access Browser icon → Password Manager.
    • Click Settings → Password and Autofill → Password Manager.
    • Open the Password Manager from one of the dialogs opened by the Browser when saving and updating or viewing passwords on a website.
    • Click on the Password Manager key icon on the Browser sidebar.
    • Navigate to prisma://password-manager/
    When you open the Password Manager, it displays the list of available logins.
    If you previously used the Legacy Password Manager in Prisma Access Browser, the system migrates your logins automatically to the Enterprise Password Manager.
    If no logins exist, the Password Manager shows an empty state screen.

    Create a Login

    You can manually create logins through the Password Manager Inventory.
    To create a login manually, open the Inventory and click “Create login.” Enter the required details:
    • Username for the application (optional).
    • Password for the application (mandatory).
    • URL of the application that triggers the Password Manager to suggest this login (mandatory).
    • Note describing the login (optional).

    Manage Logins in the Inventory

    Click a login to open its details pane, where you can view, edit, and manage the entry.
    The browser may prompt you for a step-up MFA (PIN code or passkey) based on your admin policy rule before revealing login details.
    You can view the details of a login using the available options:
    • Click the reveal or copy icons to view or copy the username or password.
    • Click the arrow icon to open the URL associated with the login.
    • Click Edit to change the login details.
    • Click Delete to remove the login from the inventory. Make sure you have another way to access the website before deleting a login.

    Password Generator

    The Enterprise Password Manager includes a built-in password generator, accessible from the inventory page. This tool helps create strong, difficult-to-crack passwords.
    1. Navigate to the Inventory and click Password Generator.
    2. Choose your desired password characteristics.
    3. The generated password is displayed. Click to copy it to your clipboard.
    4. Paste the password when creating or updating account passwords or websites.

    Import Logins

    You can import logins from a third-party browser or password manager by following these steps:
    1. Navigate to the Inventory and click Import.
    2. Select the source for the import.
    3. Export your logins from the source as a CSV file, following the provided instructions.
    4. Choose the CSV file to import your logins into the Prisma Access Browser Password Manager.

    Settings

    Click the Settings tab to enable or disable the Password Manager for your browser or to import logins frm another browser or third-party Password Managers.

    Password Manager Interactions

    Save a Login

    When you register on a site or log in to a URL that the Password Manager does not recognize, it prompts you to save a new login to the Prisma Access Browser Enterprise Password Manager.
    Click Login details to add more information to the login.
    If you missed or closed the dialog by mistake, you can get back to it by clicking the key icon.

    Update a Login

    When you update a password in the Prisma Access Browser Enterprise Password Manager, the system prompts you to save the changes.
    If you miss the prompt, click the key icon in the omnibox to reopen it.

    Use a Login

    If there is a key icon in the omnibox, this means that there are saved logins for the current site. Click it to see the logins available on the site. You can drill dow to view the details for each login.
    The browser might prompt you for a step-up MFA (PIN code or passkey) based on your admin policy rule when you reveal login details.
    When you focus on an input field in a login form on a URL with an available login, the Password Manager suggests matching logins and enables you to autofill them.
    To autofill the login, the browser can also require a step-up MFA based on your admin policy rule.

    Profile Sync

    The Password Manager automatically syncs stored logins across user devices when you sign in with the same credentials.
    This sync functionality works only if you enable profile sync in the Browser Customization → Profile sync policy rule settings.
    The Password Manager officially supports desktop devices (Windows and macOS). It also syncs passwords to the mobile Password Manager where sync is supported.

    Prisma Access Browser Enterprise Password Manager - Admin Guide

    Policy Rule

    The Password Manager is managed in the Browser Security -> Saved Data -> Password Manager control.
    The default value of the control is Enabled, with MFA enabled on a 5-minute timeout.
    The Password Manager can be enabled or disabled.
    When it is disabled, the Password Manager pop-ups do not display, and the inventory will be disabled.

    Multi-factor Authentication

    The system can require users to complete a step-up MFA based on policy rule when performing actions that involve retrieving a login, such as:
    • Opening a login from the Inventory
    • Viewing login details through the omnibox pop-up
    • Autofilling a login form
    After a successful step-up MFA, the system won’t prompt again for a defined interval (5 minutes by default).
    Administrators can enable or disable step-up MFA for all logins stored in the Password Manager by configuring the Password Manager policy rule control. They can also adjust the MFA Prompt Interval setting it to always prompt, or to a shorter or longer interval than the default.
    You can configure the MFA factor in Browser Security → Authentication Factor. PAB currently supports local PIN and Passkey authentication. Click here for more information.

    Events

    The Prisma Access Browser Enterprise Password Manager logs all actions that users perform within the manager, including:
    • Login created - The system logs when a user adds a login through the Inventory or the Save Login pop-up.
    • Login deleted - The system logs when a user deletes a login through the Inventory.
    • Login details changed - The system logs changes to a login’s details, including metadata or the password value.
    • Login retrieved - The system logs when a user retrieves a login by autofilling it or by using the eye icon or copy button to view or copy the credentials.
    You can view these events in the Prisma Access Browser Event log under the new Password Manager category.
    The system can forward these events to your organization's SIEM/SOC. You can then correlate them with other activity – such as login attempts, failed logins, or browsing events – to build a complete timeline around credential usage.

    © 2025 Palo Alto Networks, Inc. All rights reserved.