Set Up Privileged Remote Access Profiles

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Configure Applications for Privileged Remote Access

Define Permissions for Accessing Privileged Remote Access Apps

Set Up Privileged Remote Access Profiles

Create Privileged Remote Access profiles that define what capabilities should be enabled when the user is accessing an app from the PRA portal.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama or Strata Cloud Manager)	Prisma Access 5.2.1 Minimum Prisma Access dataplane version: 11.2.4 Prisma Access license with a Mobile User subscription Privileged Remote Access add-on license

After you configured the apps your users can access from the Privileged Remote Access (PRA) portal, set up profiles that define the actions your users can perform when they access an app, such as copying, pasting, downloading, and uploading content.

You can define different actions depending on the type of protocol that is used to access an app.

For example, you can disable the copy and paste functions for RDP apps for a particular profile. When you associate this profile later with a PRA portal policy, the policy will automatically enable only the capabilities defined in the profile.

To set up a PRA profile:

Go to WorkflowsPrivileged Remote AccessPRA Profiles.

You can view the list of profiles on the PRA Profiles table. By default, PRA provides a read-only profile (Default_PRA_Profile) that defines the actions a user can perform when using user-defined apps that you don't manage.
To create a new profile, click Add Profile.
Enter a Name for the profile and optionally provide a Description (Optional).
Select the actions that your users can take when accessing an app in a PRA session.
- RDP SESSION PROFILE—Set the following functions to Enabled or Disabled:
  - Copy—Copies content from the remote app or the user's local machine
  - Paste—Pastes content copied from the remote app to the local machine, or pastes content copied from the local machine to the remote app
  - File Upload—Uploads files from the local machine to the remote application. The maximum permitted file size is 100 MB
  - File Download—Downloads files from the remote application to the local machine. The maximum permitted file size is 100 MB
- SSH SESSION PROFILE—Set the following functions to Enabled or Disabled:
  - Copy
  - Paste
  - File Upload
  - File Download
- VNC SESSION PROFILE—Set the following functions to Enabled or Disabled:
  - Copy
  - Paste
  - File Upload
  - File Download
  - Read-only
(Optional) If you need to restore the PRA profile to its initial settings, Reset it.
Save your profile settings. Your profile is saved to the PRA Profiles table.

Configure Applications for Privileged Remote Access

Define Permissions for Accessing Privileged Remote Access Apps

Prisma Access Docs

Set Up Privileged Remote Access Profiles

Prisma Access Docs

Set Up Privileged Remote Access Profiles

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner