Unmanaged Device Access Control on Prisma SaaS

Use the next-generation firewall to control unmanaged device access by configuring Prisma SaaS as a SAML proxy.
You can control access from unmanaged and employee-owned devices to your sanctioned SaaS applications by configuring Prisma SaaS as your SAML proxy. Unmanaged device access control uses SAML (Security Assertion Markup Language) redirection by proxy to:
  • Redirect your SaaS app traffic through your next-generation firewall.
  • Decrease vulnerability to data exfiltration and malware propagation.
When an employee needs to access a SaaS app from an unmanaged computer or mobile device, the authorization request is sent through the Prisma SaaS SAML proxy and authenticated by your identity provider. After authenticating, the user is redirected through the firewall, which gives you visibility into access and control of corporate resources on your SaaS app.
There are several options available for an identity provider (IdP) and service provider (SP). Prisma SaaS tested the following IdP and SP combinations. When the table doesn’t indicate support for a configuration one way or another, the configuration might work, but Prisma SaaS has not yet tested that specific configuration. If you have an interest in a specific configuration, contact your Prisma SaaS Sales representative.
SaaS App
IdP
Support Exceptions
Okta
ADFS (SamlP)
ADFS (WsFed)
Azure AD
PING
Shibboleth
Google IDP
Browser
G Suite
Yes
Yes
Yes
Office 365
Yes
Yes
Yes
No
Yes
See also Skype
Dropbox
Yes
Support for special flow only
Salesforce
Yes
Yes
Yes
Support for basic web flow with Google IDP.
Skype
 
Skype for browser is not supported
 
Slack
Yes
Box
Yes
ServiceNow
Yes
Support for special flow only.
Docusign
Yes
