After you’ve added your organization’s authentication
services to Prisma Access (here’s how),
Prisma Access authenticates users at multiple points:
When they connect to Prisma Access
Here’s how to define how
you’d like mobile users to authenticate to Prisma Access. You don’t
need to define authentication settings for users at remote networks
to connect to Prisma Access, as the remote network traffic is routed
through secure VPN tunnels.
When user traffic meets your requirements for additional authentication
to require users to authenticate (using one or multiple methods)
to access enterprise applications and protected network resources.
When users generate web traffic that matches your authentication
requirements, Prisma Access checks that the users are legitimate
by prompting them to authenticate using one or more methods (factors),
such as login and password, voice, SMS, push, or one-time password
(OTP) authentication—the factors Prisma Access uses are all based
on the authentication service and settings that you specify in your authentication
profiles. For the first factor (login and password), users
authenticate through the authentication portal.
For the other factors, users then authenticate through a multi-factor
authentication login page.
After authenticating users, Prisma Access evaluates your security
rules to determine whether to allow access to the application. Prisma
Access logs all activity where users attempt to access applications,
services, or resources that you’ve designated for secure access.