Types of Mobile Users (Cloud Management)

Learn about the different ways mobile users can connect to Prisma Access and get started onboarding mobile users.
You can enable your mobile users to connect to Prisma Access through GlobalProtect (including clientless VPN), Okyo Garde, and Explicit Proxy. Together, GlobalProtect and Okyo Garde users make up your
Remote Workforce

Get Started with Each Mobile User Type

Choose how your mobile users will connect to Prisma Access:
  • You can deploy the GlobalProtect app to your users (available for smartphones, tablets, or laptops running Microsoft Windows, Apple macOS and iOS, Android, Google Chrome OS, and Linux) so that they can tunnel the traffic to Prisma Access for policy enforcement and threat prevention. The GlobalProtect app also provides host information profile (HIP) reporting so that you can create granular policies based on device state to ensure that endpoints adhere to your security standards—for example, they are equipped with the most up-to-date patches, encryption, and virus definitions—in order to access your most sensitive applications. Or, to enable secure access to users on unmanaged devices, you can enable
    Clientless VPN
    . Prisma Access dynamically scales in and out per region based on where your users are at the moment.
  • With the Okyo Garde add-on for Prisma Access, your organization can deploy the same Palo Alto Networks security technologies that they trust to secure their campus networks in the homes of employees to support work-from-home (WFH) use cases. Once Okyo Garde devices are set up in the homes of this new remote workforce, they become endpoints for enforcement of your GlobalProtect policies.
  • If your organization’s existing network already uses explicit proxies and deploys PAC files on your client endpoints, you can smoothly migrate to Prisma Access to secure mobile users’ outbound internet traffic.

Remote Workforce

Together, GlobalProtect and Okyo Garde users make up your
Remote Workforce
. The setup for GlobalProtect and Okyo Garde is different and separate:
However, the policy you’ll use to enforce GlobalProtect and Okyo Garde traffic is shared. Manage GlobalProtect and Okyo Garde together under the Remote Workforce folder:
When you push policy and configuration updates to Prisma Access for GlobalProtect or Okyo Garde, you’ll also set the push scope to Remote Workforce.

Recommended For You