Explicit Proxy deployments that cannot rely on the GlobalProtect agent are, by definition, working purely through browser-based PAC-file traffic redirection, with no endpoint software available to perform seamless, transparent identity handoff on the user ' s behalf the way an agent-based mechanism such as Kerberos single sign-on typically would. In this agentless context, the authentication method that is actually supported and functional is browser-redirect-based SAML: when a user ' s traffic is proxied, they are redirected to the organization ' s IdP login page in the browser itself, complete the SAML authentication flow there, and a resulting session cookie or token is used to authenticate subsequent proxy sessions — a mechanism that requires nothing installed on the endpoint beyond a standard browser, making option C the correct and supported answer. Kerberos (option B) fundamentally depends on integrated, agent-assisted ticket exchange with a domain controller and is not a supported, functioning mechanism for authenticating mobile users in an agentless Explicit Proxy scenario, since there is no local component to negotiate the Kerberos ticket transparently on the endpoint ' s behalf. LDAP (option A) as a direct, standalone authentication method for agentless mobile-user Explicit Proxy sessions is likewise not the supported mechanism in this scenario; LDAP is more commonly used as a backend directory lookup paired with other authentication flows rather than as the browser-facing mechanism itself. Generic " SSO " as a labeled, distinct authentication method (option D) is not how Prisma Access categorizes its supported Explicit Proxy authentication types; SAML is the specific, documented protocol used to deliver that single sign-on experience.
[Reference:Prisma Access Explicit Proxy – Agentless Mobile User Authentication Methods.]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit