Authorize Mobile Users in Prisma Access

1. In Prisma Access, verify if it is connected to Cloud Identity Engine, and that Cloud Identity Engine is sharing directory information with Prisma Access.

   1. Select ManageConfigurationIdentity ServicesCloud Identity Engine.
   2. Confirm the directory details you added in the Cloud Identity Engine app for the integration.

2. Mark the incoming traffic based on the source.

   1. Select ManageConfigurationSecurity ServicesSecurity Policy.
   2. (For GlobalProtect mobile users and remote networks only) Add Rule or edit an existing security policy rule for GlobalProtect mobile users or Remote Networks.

   3. (For explicit proxy mobile users only) Add Rule or edit an existing security policy rule for Explicit Proxy mobile users.
   4. Add users or user groups from the Microsoft Entra ID to your security policy rule and save the policy.

      View the users and user groups you added under the Source column.

3. Push the configurations.
4. Verify the user or user group mapping.

   • For GlobalProtect mobile users only

   1. In Prisma Access, select Activity InsightsInsightsUsers.

      View details about mobile users and devices connected for a time range you select.

   • For explicit proxy mobile users only

   1. Copy the PAC file URL to the endpoint.

      Go to ManageService SetupExplicit ProxyInfrastructure Settings to view the PAC file URL.
   2. Access a URL that requires authorization.
   3. Enter the credentials.
   4. In Prisma Access, view the user mapping information by running the show user ip-user-mapping all command.
   5. (Optional) In Prisma Access, select Activity InsightsInsightsUsers.

      View details about mobile users connected for a time range you select.