How Prisma Access Authentication Works

After you’ve added your organization’s authentication services to Prisma Access (here’s how), Prisma Access authenticates users at multiple points:
  • When they connect to Prisma Access
    Here’s how to define how you’d like mobile users to authenticate to Prisma Access. You don’t need to define authentication settings for users at remote networks to connect to Prisma Access, as the remote network traffic is routed through secure VPN tunnels.
  • When user traffic meets your requirements for additional authentication
    Here’s how to require users to authenticate (using one or multiple methods) to access enterprise applications and protected network resources.
When users generate web traffic that matches your authentication requirements, Prisma Access checks that the users are legitimate by prompting them to authenticate using one or more methods (factors), such as login and password, voice, SMS, push, or one-time password (OTP) authentication—the factors Prisma Access uses are all based on the authentication service and settings that you specify in your authentication profiles. For the first factor (login and password), users authenticate through the authentication portal.
For the other factors, users then authenticate through a multi-factor authentication login page.
After authenticating users, Prisma Access evaluates your security rules to determine whether to allow access to the application. Prisma Access logs all activity where users attempt to access applications, services, or resources that you’ve designated for secure access.

Recommended For You