Prisma Access Browser Extension Auto Login

Configure Auto Login for PABX
Where Can I Use This?
  • Strata Cloud Manager
  • Prisma Access Browser standalone
What Do I Need?
  • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
  • Superuser or Prisma Access Browser role
The Prisma® Access Browser Extension (PABX) automatically logs users in without requiring manual sign-ins. This feature works by integrating with supported identity providers (IdPs) and using the existing session cookies from those IdPs.

Prisma Access Browser Extension Auto-Login

The Prisma® Access Browser Extension (PABX) provides an auto-login feature that automatically and seamlessly logs users into the system, eliminating the need for manual sign-ins. PABX achieves this by integrating with supported Identity Providers (IdPs) and leveraging their existing session cookies. This method significantly reduces sign-in effort for users and enhances security by centralizing credential management at the IdP level through single sign-on (SSO).

How the Prisma Access Browser Extension Works

PABX initiates a login attempt every few minutes or when it detects a change in the existing IdP session cookie. The process includes the following steps:
  • IdP Session Detection: When a user signs in to a business application (such as a CRM) that integrates with their IdP, the browser receives a session cookie that confirms the active session.
  • Active Session Verification: During each login attempt, PABX checks for valid session cookies from supported IdPs.
  • Domain Matching: If PABX detects an active session, it checks whether the user’s domain (for example, company.com in user@company.com) exists in the PABX loginDomains configuration.
  • Silent Background Login: If the domain matches, PABX silently attempts to authenticate in the background by accessing a configured PAB application that integrates with the IdP. This typically occurs when you set up the Cloud Identity Engine (CIE) during onboarding.
  • Local Session Establishment: After successful authentication, PABX creates a local session and enforces policy rules associated with the logged-in user.
By using single sign-on (SSO), PABX enables users to access multiple systems through a single login. This reduces sign-in effort and improves security by centralizing credential management at the IdP level.

Auto-Login Prerequisites

To enable the auto-login feature, make sure the following are configured:
  • IdP Integration: Integrate PABX with one of the currently supported Identity Providers:
    • Okta
    • Azure Active Directory
    • Google Workspace
    If your organization uses an IdP not listed above, users must sign in manually. In such cases, you can enforce manual login requirements to prevent users from bypassing policy rule enforcement.
  • Login Domains Configuration: Configure login domains in PABX so that they exactly match your users' IdP domains.
  • PAB (CIE) Application Setup: Properly set up the PAB application (Cloud Identity Engine) within your chosen IdP.

Login Domains

PABX automatically retrieves and populates login domains from the integrated IdP. These domains (such as company.com from user@company.com) appear under Login Domains on the PABX onboarding page. Confirm that these automatically populated domains accurately match your users' email domains. If discrepancies exist, update them directly within the onboarding tool.
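
One way to check the populated domains against a user export before rollout, as an added example that is not Palo Alto Networks code. It assumes a match means the email domain equals a configured login domain exactly (case-insensitive); the function names and all sample data are constructed for illustration.

```python
from collections import Counter

def normalize_domain(domain):
    """Lowercase, trim whitespace and a trailing dot so comparisons are stable."""
    return domain.strip().rstrip(".").lower()

def email_domain(address):
    """Return the domain part of an address, or None if it is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return normalize_domain(domain)

def audit_login_domains(login_domains, user_emails):
    """Compare configured login domains with the domains users actually have.

    Assumption: a user matches only when the email domain equals a configured
    domain exactly (case-insensitive); subdomains are treated as non-matching.
    """
    configured = {normalize_domain(d) for d in login_domains if d.strip()}
    seen = Counter()
    malformed = []
    for address in user_emails:
        domain = email_domain(address)
        if domain is None:
            malformed.append(address)
        else:
            seen[domain] += 1
    uncovered = {d: n for d, n in seen.items() if d not in configured}
    # A subdomain of a configured domain is the most common near miss.
    near_miss = {d: next(c for c in sorted(configured) if d.endswith("." + c))
                 for d in uncovered
                 if any(d.endswith("." + c) for c in configured)}
    return {
        "uncovered": uncovered,    # domain -> user count with no exact match
        "near_miss": near_miss,    # uncovered subdomain -> configured parent
        "unused": sorted(configured - set(seen)),  # configured, but no users
        "malformed": malformed,    # entries that are not valid addresses
    }

if __name__ == "__main__":
    # Constructed sample data, not taken from any real tenant.
    domains = ["company.com", "Corp.Example"]
    emails = ["alice@company.com", "bob@COMPANY.com", "carol@eu.company.com",
              "dave@company.co", "not-an-email"]
    for key, value in audit_login_domains(domains, emails).items():
        print(f"{key}: {value}")
```

Domains reported as uncovered are the discrepancies to review on the onboarding page; near misses show where a subdomain is in use but only its parent is listed.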

Deploying Prisma Access Browser Extension

To deploy PABX, follow the detailed instructions provided in the onboarding section of the PAB management console. You can also refer to the full deployment documentation available directly within the console for more information.