Prisma Access
Configure Applications for Privileged Remote Access
Table of Contents
Configure Applications for Privileged Remote Access
Add the remote apps that your users will access using the Privileged Remote Access
portal.
After you set up the Privileged Remote Access (PRA) portal, you can add the apps that your
users will access from the PRA portal. You can add apps that
users can access using the RDP, SSH, or VNC protocol.
You can also set up application groups to help manage which users can
access which groups of apps.
Add Applications
Add remote applications to the PRA portal that your users
can access using RDP, SSH, or VNC. For example, you can set up a PRA app for the remote access of a Windows desktop by using
RDP, or to remotely log in to a computer using SSH.
Before you can add the applications that your users will access from the PRA portal, you will need the following information about
the apps:
- The type of protocol that your users will use to access the app
- The FQDN or IP address of the app destination
- The port number used to reach the app (if different from the default port)
- Login credentials for the app on the target machine (optional)
To resolve the internal hostnames of applications deployed in your data
center, you need to have an active Service Connection to the data center and
firewall rules to access your internal DNS server.
To add the apps to your PRA portal:
- Go to .Click the Applications tab and Add Application.Configure general settings for the app.
- Select a Protocol (RDP, SSH, or VNC).Enter the Name of the app.(Optional) Enter a description for the app.Enter the Destination FQDN or IP address. The FQDN or IP address of the app must be reachable using a Service Connection in your Prisma Access tenant.Enter the Port for the destination, if different from the default port.
![]()
(Optional) Configure authentication settings for the app. The authentication settings that you enter depend on the type of protocol that you selected.- For RDP apps:Enter the User Name and Password for the remote app, and confirm the password. The username and password are optional, but both must be provided or both must be empty.
- For SSH apps:
- Enter the User Name and Password for the remote app, and confirm the password. If you don't provide a password, you must provide a private key.
- (Optional) Enter the Private Key. If the private key is encrypted, enter the Passphrase.
- (Optional) Enter the Host Key entries for the remote host, which you can obtain by running the ssh-keyscan command on the host. Enter one key per line. Lines that begin with # are comments.
- For VNC apps:
- (Optional) Enter the User Name and Password for the remote app, and confirm the password. The username and password are optional, but both must be provided or both must be empty.
- (Optional) Select Enable File
Transfer to allow your users to upload and
download files using SFTP (SSH File Transfer Protocol).
- Enter the SFTP Username and SFTP Password. If you don't provide a password, you must provide the SFTP private key.
- Enter the SFTP Port to use for file transfers. The range is 0-64435.
- Enter the SFTP Private Key if you're not using the SFTP password.
- If the SFTP private key is encrypted, enter the SFTP Passphrase.
- (Optional) Enter the SFTP Host Key.
Save your settings. The application is added to the Applications table. You can visit this page later to add, edit, or remove an app.![]()
Set Up Application Groups
Create application groups to organize the applications that your users can access through the policies. For example, you might have a group of users who should access only certain applications, so you can associate a user or a group of users to an application group.To set up application groups:- Go to .Click the Application Groups tab and Add a group.Enter a meaningful Name for the application group.Select the Applications that you want to put in the group.
![]()
(Optional) Enter a description for the group.Save your settings. The group is added to the Application Groups table. You can visit this page later to add, edit, or remove an application group.![]()
