Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Focus

How Explicit Proxy Identifies Users

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

How Explicit Proxy Works in Prisma Access

Planning Checklist—Explicit Proxy

How Explicit Proxy Identifies Users

Learn how Prisma Access Explicit Proxy identifies users.

Explicit Proxy identifies users in the traffic logs dependent on how the users authenticate with the proxy, as shown in the following table.

Authentication Type	User Identification in Traffic Logs
Users that are logged in using SAML authentication and decryption	The username.
Users that are logged in from another proxy that uses X-Authenticated-User (XAU) headers	XAU header information. Explicit Proxy only allows traffic from specific IP addresses to use XAU for authentication. You create an address object and specify the IP addresses where you allow XAU for authentication; then, add the address object in the Trusted Source Address field during Explicit Proxy setup.
Authenticated cross-origin resource sharing (CORS) requests	The swg-authenticated-ip-user user. To help identify traffic that is coming from authenticated users in cases where browsers cannot send cookies or perform authentication redirection, such as CORS requests, Explicit Proxy adds the swg-authenticated-ip-user to the traffic logs.
Undecrypted traffic (if you have allowed Explicit Proxy to allow undecrypted traffic from IP addresses where users have previously authenticated)	The swg-authenticated-ip-user user. You can specify Explicit Proxy to allow undecrypted traffic from IP addresses where users have authenticated; to do so, specify Decrypt traffic that matches existing decryption rules; for undecrypted traffic, allow traffic only from known IPs registered by authenticated users when you configure Explicit Proxy. In these configurations, Explicit Proxy adds the swg-authenticated-ip-user to the traffic logs.

How Explicit Proxy Works in Prisma Access

Planning Checklist—Explicit Proxy