For the best user experience, if you
are limiting the number of locations, choose locations that are
closest to your users or in the same country as your users. If a
location is not available in the country where your mobile users
reside, choose a location that is closest to your users for the

Authenticate mobile users
Set up User Authentication so that only legitimate users have access to your services and applications.
SAML is the only supported authentication protocol. Prisma
Access supports PingOne, Azure AD, and Okta as SAML authentication
providers, but you should be able to use any vendor that supports
SAML 2.0 as a SAML identity provider (IdP).

Review the best practice security rules that are turned on by default
Prisma Access enforces best practice security policy rules
by default. These rules allow your users to securely browse to general
internet sites. Users are:
Blocked from visiting known bad websites based on URL
Blocked from uploading or downloading files that are known to be malicious
Protected from unknown, never-before-seen threats
Protected from viruses, spyware (command and control attacks),
After going through the initial
setup, you can review and update these default rules to meet your

Verify that the mobile users location is active
After you push your initial configuration to Prisma Access,
Prisma Access begins provisioning your mobile user environment.
This can take up to 15 minutes. When your mobile user locations
are up and running, you’ll be able to verify them on the Mobile
Users setup pages, the Overview, and within Insights.
You can also validate your setup by selecting Prisma Access Setup and
editing the infrastructure settings to confirm that a gateway is set up
in each of the locations you provisioned.

Enable decryption for explicit proxy traffic
Set the maximum supported TLS version to 1.2.
In the Advanced SSL Forward Proxy settings, remove the ALPN headers,
because explicit proxy does not support native HTTP/2.
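
What removing the ALPN headers means on the wire, as an added example that is not from the Prisma Access documentation and does not show how Prisma Access is implemented: the ALPN extension in the TLS ClientHello, where a client offers h2, is dropped so that HTTP/2 cannot be negotiated. The ClientHello is constructed sample data, the function names are hypothetical, and the code assumes a well-formed ClientHello carried in a single TLS record.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation extension type (RFC 7301)

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_client_hello(alpn_protocols):  # constructed sample input, not captured traffic
    names = b"".join(bytes([len(p)]) + p for p in alpn_protocols)
    exts = _ext(0, b"\x00\x0e\x00\x00\x0bexample.com")              # SNI
    exts += _ext(ALPN_EXT, struct.pack("!H", len(names)) + names)
    body = (b"\x03\x03" + bytes(32) + b"\x00\x00\x02\xc0\x2f\x01\x00"  # version, random,
            + struct.pack("!H", len(exts)) + exts)   # no session id, 1 suite, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake header
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record header

def _extensions_offset(record):  # offset of the 2-byte extensions length field
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                                     # headers, version, random
    pos += 1 + record[pos]                                   # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")    # cipher suites
    pos += 1 + record[pos]                                   # compression methods
    return pos

def parse_extensions(record):
    pos = _extensions_offset(record)
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos, exts = pos + 2, []
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", record[pos:pos + 4])
        exts.append((ext_type, record[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return exts

def offered_alpn(record):
    body = dict(parse_extensions(record)).get(ALPN_EXT, b"")
    out, i = [], 2                               # skip the 2-byte protocol list length
    while i < len(body):
        out.append(body[i + 1:i + 1 + body[i]].decode())
        i += 1 + body[i]
    return out

def strip_alpn(record):
    """Drop the ALPN extension and recompute the enclosing length fields."""
    kept = b"".join(_ext(t, b) for t, b in parse_extensions(record) if t != ALPN_EXT)
    body = record[9:_extensions_offset(record)] + struct.pack("!H", len(kept)) + kept
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return record[:3] + struct.pack("!H", len(hs)) + hs
```

Running offered_alpn on a ClientHello before and after decryption is a quick way to confirm that h2 is no longer being offered upstream.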