Prisma Access Agent extends client certificate authentication support to Panorama Managed Prisma Access and NGFW deployments, enabling you to implement certificate-based security controls through the Prisma Access Agent Manager (EPM) configuration interface. This feature provides you with three authentication options: Client Certificate through Cloud Identity Engine, Client Certificate OR SAML through Cloud Identity Engine, and Client Certificate AND SAML through Cloud Identity Engine. You can configure these options based on your organization's security requirements and compliance needs. Certificate authentication is essential when you need strong device identity verification before granting network access. This capability enables you to enforce certificate-based policies consistently across NGFW and Prisma Access gateways in hybrid deployments. The feature integrates with Cloud Identity Engine to provide centralized certificate management and validation.