If your users access services and applications that are external to your network, you can use SAML to integrate Prisma Access with an identity provider (IdP) that controls access to both external and internal services and applications. SAML single sign-on (SSO) enables one login to access multiple applications and is helpful in environments where each user accesses many applications and authenticating for each one would impede user productivity.

Prisma Access for Users provides enterprise authentication via Security Assertion Markup Language (SAML). You can use SAML 2.0 to authenticate Prisma Access mobile users. The Prisma Access portal and gateways act as SAML Service Provider (SP). When a mobile user attempts to connect, Prisma Access returns an authentication request to the client browser, which in turn sends it to your SAML IdP to authenticate the user. You can use any third-party software that supports SAML 2.0 as SAML identity provider (IdP).

The following workflows use Okta as the SAML IdP.