How to configure Prisma Browser to log in using UPN instead of email

Created On 05/09/25 03:38 AM - Last Modified 12/08/25 22:20 PM


Objective


  • Prisma Browser login requires onboarding through the Cloud Identity Engine (CIE) with SAML authentication.
  • The default method of identification is email, but UPN (User Principal Name) is also supported.
  • This article provides the steps to use UPN instead of email.


Environment


  • Prisma Browser 
  • Authentication using UPN


Procedure


  1. In CIE (Cloud Identity Engine) > Authentication Type > step 3, for the username attribute, select either UPN as the attribute or username (where the username is set to the UPN on the IdP (identity provider) side).

CIE UPN attribute in Authentication type

 

  2. In the Prisma Browser onboarding, change the Identification method to UPN.

 

UPN format for identification in PAB 

  3. Once UPN is selected, it is automatically populated into the Email field on the Users page, replacing the traditional Email attribute.
  4. Once the changes are made, wait 10 to 15 minutes and then have the user log in using UPN.


Additional Information


Note:

  • Prisma Browser can only accept a valid email format.
  • If the UPN value isn't in email format, Prisma Browser will skip the user credentials.
  • This means if the UPN on the IDP side is not in valid email format, UPN cannot be used for Prisma Browser login.
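
A pre-change check for the limitation above, added here as an example and not taken from Palo Alto Networks tooling: it audits a user export from the IdP and lists UPNs that are not email-shaped (those users would be skipped) and UPNs that differ from the mail attribute (the Email field on the Users page will show a different value). The CSV column names, the sample rows and the email-shape regex are assumptions; the exact validation Prisma Browser applies is not documented in this article.

```python
import csv
import io
import re

# Assumption: "valid email format" is approximated as local@domain with a
# dotted domain; Prisma Browser's exact validation rules are not on the page.
EMAIL_SHAPE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """userPrincipalName,mail
alice@example.com,alice@example.com
bob@corp.example.com,bob.builder@example.com
EXAMPLE\\carol,carol@example.com
dave,dave@example.com
erin@localhost,erin@example.com
"""

def upn_problem(upn):
    """Return None if the UPN looks like an email address, else a reason."""
    upn = upn.strip()
    if not upn:
        return "empty UPN"
    if "\\" in upn:
        return "down-level logon name (DOMAIN\\user), not a UPN"
    if upn.count("@") != 1:
        return "expected exactly one '@'"
    if not EMAIL_SHAPE.match(upn):
        return "local part or domain is not email-shaped"
    return None

def audit_export(csv_text):
    """Return (users that would be skipped, users whose Email field value changes)."""
    skipped, changed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn, mail = row["userPrincipalName"], row["mail"]
        reason = upn_problem(upn)
        if reason:
            skipped.append((upn, reason))
        elif upn.strip().lower() != mail.strip().lower():
            # Per the article, the UPN replaces the value shown in the Email field.
            changed.append((upn, mail))
    return skipped, changed

if __name__ == "__main__":
    skipped, changed = audit_export(SAMPLE_EXPORT)
    for upn, reason in skipped:
        print(f"SKIP    {upn!r}: {reason}")
    for upn, mail in changed:
        print(f"CHANGED Email field will show {upn!r} instead of {mail!r}")
```

Run it against the real export before changing the Identification method, and correct the flagged UPNs on the IdP side first.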

 


