Define Permissions for Accessing Secure Agentless Access Apps

Configure the permissions users and user groups need to access certain apps in the Secure Agentless Access portal.
Where Can I Use This?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Prisma Access 5.2.1
  • Minimum Prisma Access dataplane version: 11.2.4
  • Prisma Access license with a Mobile User subscription
  • Secure Agentless Access add-on license
By default, no users can access any of the apps that you set up for Secure Agentless Access (SAA). You must explicitly grant permissions to users or user groups to define who has access to which apps.
To define the permissions, you must:
  • Define the SAA policy rules that identify which users or user groups have access to which apps
  • Define a Security policy rule on the GlobalProtect gateway (Mobile User Security Processing Node (MU-SPN)) to allow traffic from a set of users or user groups to a set of destinations
To set up the permissions to enable SAA app access:
  1. Configure app policies for SAA.
    1. Go to Configuration > Secure Agentless Access > Portal.
      The SAA Policies table shows the policies that have been set up.
    2. Add a policy.
    3. Enter a meaningful Name for the SAA policy.
      By default, the new policy is Enabled. If needed, you can disable it later in the App Policies table.
    4. Specify the match criteria that define which users and user groups have access to which apps.
      1. Select at least one User, User group, or both, to associate with this policy.
        If you select a user, the User Groups field becomes optional. Similarly, if you select a user group, the Users field becomes optional.
      2. Select the Applications that you want to associate with this policy. You must select at least one Application, Application group, or both.
        If you select an application, the Application Groups field becomes optional. Similarly, if you select an application group, the Applications field becomes optional.
    5. Select an SAA Profile for the apps in this policy. When the matching users access the apps in this policy, they can perform the actions that are defined in the selected SAA profile.
    6. Save your settings.
  2. Define a Security policy rule to allow Secure Agentless Access (SAA) traffic through the MU-SPNs so that your users can access the destination IP addresses or FQDNs for the SAA apps.
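
For an access review of the SAA policies from step 1, the following added example (not Palo Alto Networks code) computes which user and app pairs a policy set grants, treating every unlisted pair as denied and skipping disabled policies. The `SaaPolicy` record, the function names, and all sample data are hypothetical; because this page does not say how overlapping policies are resolved, the script only reports pairs reached through more than one profile. It does not model the Security policy rule from step 2.

```python
from dataclasses import dataclass, field

@dataclass
class SaaPolicy:  # hypothetical record mirroring the fields entered in step 1
    name: str
    profile: str
    users: set = field(default_factory=set)
    user_groups: set = field(default_factory=set)
    apps: set = field(default_factory=set)
    app_groups: set = field(default_factory=set)
    enabled: bool = True

def invalid_policies(policies):
    """Names of policies lacking a user/user group or an application/application group."""
    return [p.name for p in policies
            if not (p.users or p.user_groups) or not (p.apps or p.app_groups)]

def effective_access(policies, group_members, app_group_members):
    """Map (user, app) -> {(policy, profile)}. A pair that is absent has no access."""
    grants = {}
    for p in policies:
        if not p.enabled or invalid_policies([p]):
            continue  # disabled or incomplete policies grant nothing
        users = set(p.users)
        for g in p.user_groups:
            users |= group_members.get(g, set())
        apps = set(p.apps)
        for g in p.app_groups:
            apps |= app_group_members.get(g, set())
        for u in users:
            for a in apps:
                grants.setdefault((u, a), set()).add((p.name, p.profile))
    return grants

def overlapping_grants(grants):
    """Pairs reachable through more than one profile; flag these for manual review."""
    return {k: v for k, v in grants.items() if len({prof for _, prof in v}) > 1}

# Constructed sample data, not taken from any real tenant.
GROUPS = {"contractors": {"dana", "eli"}}
APP_GROUPS = {"hr-apps": {"payroll", "benefits"}}
POLICIES = [
    SaaPolicy("contractor-hr", "read-only", user_groups={"contractors"}, app_groups={"hr-apps"}),
    SaaPolicy("dana-payroll", "full", users={"dana"}, apps={"payroll"}),
    SaaPolicy("old-wiki", "full", users={"eli"}, apps={"wiki"}, enabled=False),
    SaaPolicy("draft", "full", users={"frank"}),  # no application selected
]
```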