Pre-logon for Prisma Access Agent establishes secure tunnel connections before user
authentication, giving remote devices essential network access.

Organizations have difficulty pushing updates to remote machines without
requiring users to log in to their machines, which can delay critical updates and
impact user productivity. Pre-logon for Prisma Access Agent addresses this
challenge by establishing a secure connection before user authentication occurs.
This feature enables you to manage and update remote devices efficiently,
improving IT productivity and enhancing the overall security posture.

With pre-logon, you can establish a tunnel as soon as a device boots up, using
machine certificate authentication. This enables access to critical resources like
domain controllers or LDAP servers, even when they are only accessible through the
tunnel. You can now perform essential management tasks, such as applying group
policies, installing software updates, and synchronizing roaming profiles, without
waiting for user login.

Pre-logon is useful for remote users. It enables scenarios such as applying
group policies and software updates before user login, and synchronizing
roaming profiles. For kiosks such as ATMs, it allows connection to the
corporate network without user intervention.

The feature requires client certificates for authentication. You can configure
certificate-based authentication for pre-logon while maintaining SAML or other
methods for user login. This flexibility ensures that your security policies remain
intact while improving device management capabilities.

You can troubleshoot the agent using existing Prisma Access Agent tools like log
retrieval and HIP reports even when the pre-logon tunnel is active. The feature
supports agent upgrades and downgrades, ensuring your devices remain current and
secure.

By implementing pre-logon, you can significantly improve the management of remote and
corporate-owned devices, reduce IT overhead, and enhance security by ensuring
devices are properly configured and updated before users gain full network access.
This feature is designed to work across system restarts and sleep-wake cycles,
providing consistent connectivity for your managed devices.