The Prisma Access Browser Extension is a tool that allows organizations to apply some of
the Prisma Access Secure Enterprise Browser functionality without installing the full browser.
Where Can I Use This?
What Do I Need?
Strata Cloud Manager
Prisma Access Browser standalone
Prisma Access with Prisma Access Browser bundle license or
Prisma Access Browser standalone license
The Prisma Access Browser Extension is a tool that you can install on commercial browsers
such as Google Chrome and Microsoft Edge browsers, running on Windows, macOS, and
ChromeOS Operating Systems
IT and security teams can enhance organizational security by implementing Prisma Access Browser with a hybrid strategy, using the Prisma Access Browser Extension to
bridge current browsing practices with advanced protections. This approach enables
employees to continue using familiar browsers while administrators gain greater
visibility and control over all browsers across the enterprise.
The extension actively monitors user activity on commercial browsers, helping
to mitigate Shadow IT risks and providing real-time phishing protection. By centralizing
visibility and allowing consistent enforcement of security policies, the Prisma Access Browser Extension integrates smoothly with existing tools while guiding users
to the enterprise browser when accessing sensitive applications.
Designed as a foundational layer in a phased deployment, the Prisma Access Browser
Extension supports a secure transition toward full adoption of the Prisma Access Browser.
For scenarios requiring heightened protection, such as critical applications or
high-risk users, a full enterprise browser deployment offers unparalleled control and
functionality, setting a gold standard for security. This hybrid solution thus delivers
immediate security benefits while preparing organizations for comprehensive,
enterprise-grade browser security.
Deploy the Prisma Access Browser Extension
The Prisma Access Browser Extension can be installed on chromium-based
browsers (Chrome, Edge, Arc, Brave), running on Windows, macOS, and ChromeOS
Operating System.
The extension deployment is based on the operating system, the IdP, and the
browser type. Currently, Okta, Azure, and Google are the supported IdP applications.
For more information regarding Prisma Access Browser Extension Deployment,
see Deploy the Prisma Access Browser Extension.
Prisma Access Browser Extension Login Enforcement
Currently, the Prisma Access Browser Extension utilizes an automatic login
feature that detects the user names from the most recent login to a web Identity
Provider (IdP) application before applying Prisma Access Browser Extension policies. In
some cases, the user name may not be recognized, preventing the Browser Extension
from logging in and enforcing the admin policy. This occurs mainly in cases where
the user has not yet logged into any IdP applications on their browser.
To avoid situations like this, the Prisma Access Browser Extension includes a
feature that you can configure that requires logging into the Prisma Access Browser
Extension before accessing specified sites. This prevents users from bypassing the
administrative policies by using applications without the proper login.
To configure the Login Enforcement Policy, follow the procedures for
creating a new Data Control rule. Take note of
the following requirements:
In the Scope section, select the user Anonymous PABX.
When you select the Anonymous PABX user, several
sections in the Add rule wizard will be unavailable. Some of the options in
the available sections will also be unavailable.
In the Destinations section, configure the applications and URLs that
users will be allowed to access without being logged in to the IdP.
In the Web Access section, select Allow.
Now you will create
the second part of the Login Enforcement:
In the Scope section, select the user Anonymous PABX.
In the Destinations section, configure the applications and URLs that
users will be not be allowed to access without being logged in to the
IdP.
In the Web Access section, select Block
Please do not block the IdP URLs in the Web
application step. This will prevent users from logging into the Prisma Access Browser
Extension.
The Prisma Access Browser Extension allows you to configure the posture requirements for
your devices running the Prisma Access Browser Extension in the same way that it
configures posture for your desktop and laptop devices running the Prisma Access Browser.
Features of supported Access & Data Control policies are supported for
devices running the Prisma Access Browser Extension. The following exceptions
should be noted:
The Set dialog text feature, that permits you to customize your own
text for a particular feature, is supported for the extension.
Note the following feature functionality in the Web Access section:
Prompt options:
Permission request - Acts as Block.
Warn and allow to proceed anyway - Supported.
Warn and allow to proceed anyway with reason -
Supported.
Require MFA - Not supported.
Pick A Label - Not supported (skipped).
Enforce Prisma Access Browser Extension traffic redirection to
Prisma Access Browser allows you to redirect users to the
Prisma Access Browser when accessing web applications. The
Allow/Prompt/Block settings will still be enforced, regardless.
Login restrictions - Not supported (skipped).
When contains... - Not supported (skipped).
Data Controls - Data Leak Prevention
You need to be aware of the differences
between the Prisma Access Browser and the Prisma Access Browser Extension policies.
File Download control provides multiple capabilities related to
downloading files from websites that match a specified URL, application or
website classification.
To set the File Download control:
Allow - the Prisma Access Browser Extension will allow all
downloads.
Allow (Protected)) - Will be treated as
Block.
Block - The Prisma Access Browser Extension will block
all downloads.
Apply on:- Select between one of the following options:
Any file - the download restrictions will apply to all files.
Specific files- the download restrictions will apply to files
that meet the selected specifications (the rule can contain as many
of these specifications as needed):
File size - set the size of the file.
File types - set the file types that
need to match this rule.
File hash - Not supported.
MIP label - Not supported.
Prompt- when there is a restriction, select between one of
the following options:
None - there will be no prompts.
Before download - Not supported; treated as
Block.
File Download control provides multiple capabilities related to
downloading files from websites that match a specified URL, application or
website classification.
To set the File Download control:
Allow - the Prisma Access Browser Extension will allow all
downloads.
Allow protected files only between the rule’s web
applications) - Treated as Block.
Allow only non-protected files - Treated as Block.
Block - The Prisma Access Browser Extension will block
all downloads.
Apply on:- Select between one of the following options:
Any file - the download restrictions will apply to all files.
Specific files- the download restrictions will apply to files
that meet the selected specifications (the rule can contain as many
of these specifications as needed):
File size - set the size of the file.
File types - set the file types that
need to match this rule.
File hash - Not supported.
MIP label - Not supported.
Prompt- when there is a restriction, select between one of
the following options:
None - there will be no prompts.
Before Upload - Not supported; treated as
Block.
Require MFA - Not supported.
Clipboard - Only works for
visibility in the selected Scope
