Organizations transitioning to Prisma® Access Agent face challenges when their existing authentication infrastructure uses LDAP/LDAPS, as Prisma Access Agent previously only supported SAML and certificate authentication through Cloud Identity Engine (CIE). This can create significant adoption barriers, especially in regions where LDAP usage is prevalent. LDAP support for Prisma Access Agent addresses this challenge by enabling you to leverage your existing GlobalProtect® portal LDAP authentication infrastructure, eliminating the need to reconfigure authentication methods when migrating to Prisma Access Agent.

With LDAP authentication support, you can now configure your Prisma Access Agent to authenticate users against your existing directory services through the GlobalProtect portal. This integration provides a seamless authentication experience for your users while maintaining your existing security policies. The feature supports all standard LDAP configuration options, including Base DN, Bind DN, multiple LDAP servers, SSL/TLS secure connections, and server certificate verification for SSL sessions. You can also combine LDAP authentication with client certificate authentication using AND/OR logic to meet your specific security requirements.

The enhanced user experience includes support for saved user credentials, enabling seamless authentication across device states such as sleep-wake cycles, hibernation, and network transitions. When properly configured, users won't need to repeatedly enter their credentials after logging into their operating system.

By supporting LDAP authentication through the GlobalProtect portal, Prisma Access Agent provides you with a smoother migration path from GlobalProtect to Prisma Access Agent, preserving your authentication setup while enabling you to transition to a newer access agent. This feature is valuable for existing deployments where reconfiguring authentication methods would otherwise increase deployment complexity and time.