Kerberos Authentication for Explicit Proxy Deployments

Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
What Do I Need?
  • Prisma Access license
Prisma Access Mobile—Explicit Proxy deployments support Kerberos authentication. If you have servers, IoT devices, or headless machines that cannot authenticate using SAML, you can use Kerberos authentication instead.
If your deployment uses both SAML and Kerberos for authentication, you can configure both authentication types in a single Explicit Proxy deployment. In this way, you can authenticate mobile users with SAML while authenticating servers, IoT devices or headless machines with Kerberos. Prisma Access Explicit Proxy processes the authentication depending on the port used for the authentication traffic:
  • If the authentication traffic uses port 8080, Explicit Proxy uses SAML authentication.
  • If the authentication traffic uses port 8081, Explicit Proxy uses Kerberos authentication.
If only one port is configured, the port that is not configured uses the same authentication profile as the configured port.
Kerberos SSO is available only for endpoints and systems that have access to your Kerberos infrastructure. Endpoints and systems without access to the Kerberos infrastructure must use SAML SSO.