* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [SASE](https://origin-researchcenter.paloaltonetworks.com/blog/sase/) * [Product Features](https://origin-researchcenter.paloaltonetworks.com/blog/sase/category/product-features/) * Introducing Secure Agentl... # Introducing Secure Agentless Access (SAA): A New Zero Trust Access Method for Any User on Any Device [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Fintroducing-secure-agentless-access-saa-a-new-zero-trust-access-method-for-any-user-on-any-device%2F) [](https://twitter.com/share?text=Introducing+Secure+Agentless+Access+%28SAA%29%3A+A+New+Zero+Trust+Access+Method+for+Any+User+on+Any+Device&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Fintroducing-secure-agentless-access-saa-a-new-zero-trust-access-method-for-any-user-on-any-device%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Fintroducing-secure-agentless-access-saa-a-new-zero-trust-access-method-for-any-user-on-any-device%2F&title=Introducing+Secure+Agentless+Access+%28SAA%29%3A+A+New+Zero+Trust+Access+Method+for+Any+User+on+Any+Device&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/sase/introducing-secure-agentless-access-saa-a-new-zero-trust-access-method-for-any-user-on-any-device/&ts=markdown) \[\](mailto:?subject=Introducing Secure Agentless Access (SAA): A New Zero Trust Access Method for Any User on Any Device) Link copied By [Cristian Raducanu](https://www.paloaltonetworks.com/blog/author/cristian-raducanu/?ts=markdown "Posts by Cristian Raducanu"), [Siddharth Sharma](https://www.paloaltonetworks.com/blog/author/siddharth-sharma/?ts=markdown "Posts by Siddharth Sharma") and [Isabel Jiang](https://www.paloaltonetworks.com/blog/author/ijiang/?ts=markdown "Posts by Isabel Jiang") Jun 30, 2026 7 minutes [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown) [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown) [Prisma SASE](https://www.paloaltonetworks.com/blog/tag/prisma-sase/?ts=markdown) [Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown) In the modern enterprise ecosystem, the traditional perimeter has dissolved. As organizations transition toward hybrid environments, the primary objective remains the same: securely brokering access to sensitive internal resources. However, the rise of BYOD and third-party collaboration has introduced a significant security debt: the unmanaged device. Our current agentless portfolio for unmanaged devices includes Prisma Browser. Prisma Browser focuses on securing public and private web-based apps, as well as RDP/SSH connections, while enforcing Data Loss Prevention (DLP), zero-trust policies, and full device separation. While it requires installing a browser on the unmanaged device, some customers might see that as an obstacle or additional overhead, asking us to expand our portfolio to also support a pure agentless solution. Recently, we reached a major milestone in solving this challenge. We are excited to announce that Privileged Remote Access (PRA) in Prisma Access has officially evolved and rebranded to Secure Agentless Access (SAA). This launch marks a game-changing shift for our customers, providing a streamlined, robust, and seamless way to connect any user on any device to critical internal applications - without installing anything on the device. SAA expands your toolkit by allowing secure access to core internal infrastructure from any HTML5 compliant browser. With both Prisma Browser and Secure Agentless Access, these complementary solutions provide organizations with a comprehensive, flexible framework to eliminate security debt and confidently support BYOD and third-party collaboration. ### **Unmanaged Devices: The Dilemma of Overly Restrictive Access Control and Excessive Trust** While managed assets are typically hardened with Mobile Device Management (MDM) and Extended Detection and Response (XDR) products, these solutions are often technically and logistically unfeasible for unmanaged devices or certain internal or external users. This issue is most noticeable in scenarios such as: * **Vulnerable Public/Shared Infrastructure:** Remote workers using hotel business centers or kiosks. * **Complex Third-Party Access Integrations:** Partners and contractors who cannot enroll their hardware in your enterprise's management tenant and are unwilling to install any agent or use a mandated browser. * **Policy Restrictions:** Specialized vendors or federal contractors restricted from installing software of any kind. Historically, this created a binary choice: Over-Restriction (denying access and killing productivity) or Excessive Trust (risking credential theft and data exfiltration). Neither is sustainable for a modern Zero Trust posture. ### **Now Live: Support for Private Web Apps** The launch of SAA brings more than just a new name. For use cases where devices are not able to install a browser, we can now support private web applications through SAA! While SAA continues to provide industry-leading support for RDP, SSH, and VNC, users can now access internal web-based applications (HTTP/HTTPS) seamlessly through any HTML5 compatible browser. This expansion means your extended workforce can interact with virtually any internal resource - from legacy terminals to modern web dashboards, all with zero software footprint on the endpoint. ### **Secure Agentless Access (SAA) Extends Zero Trust Access to Unmanaged Devices Seamlessly** SAA addresses these challenges by providing a solution that bridges the gap between security and accessibility. By leveraging standard HTML5 compliant browsers, SAA creates a secure tunnel to internal resources. This all happens without requiring any software installation or device management. This approach allows IT teams to extend Zero Trust policies to the entire workforce, ensuring that even unmanaged or third-party devices remain isolated from the core network while maintaining high-performance access to the tools they need. For administrators, setup is simple: configure your portal configurations, define your applications, and apply access policies to achieve immediate secure connectivity. ### **Key Real World Use Cases** * **Enable Secure App Access on Unmanaged \& BYOD Devices:** Users can securely use personal devices or shared workstations for work without privacy concerns or the complexity of installing agents. * **Enhance Third-Party \& Vendor Collaboration:** Implement a robust authentication framework with Cloud Identity Engine (CIE) to verify all users and ensure secure, controlled access to sensitive data. * **Improve Contractors \& Full Time Employees Access Management:** IT contractors, developers and employees managing internal systems or accessing code repositories or internal apps. ### **SAA Brings Numerous Benefits to Customers and End-Users** SAA offers a streamlined approach to security that empowers your workforce while ensuring robust protection: * **Reduced Operational Overhead:** SAA removes the need for agent installations or any on-premise components. Instead, it utilizes your existing Prisma Access infrastructure to deliver seamless, secure connectivity to any user, on any device, with minimal configuration required. * **Universal Browser Compatibility:** SAA is compatible with any HTML5 compliant browser, ensuring broad accessibility with all organizations. * **Secure Access for All Workforces:** Whether they are employees, contractors, or partners, SAA delivers consistent, secure access across locations, browsers, and device types - without compromising productivity. * **Scale with Global Infrastructure and Hyperscale:** SAA leverages a globally distributed, cloud architecture to deliver optimized performance, high availability, and scalability for all users. ### **Coming Soon: Secure Agentless Access and Remote Browser Isolation Integration** Looking ahead, we are expanding our agentless capabilities with an upcoming integration between Secure Agentless Access (SAA) and Remote Browser Isolation (RBI). By pairing these technologies, we are extending security controls from internal private applications to cloud-based SaaS workflows. With the upcoming SAA + RBI integration, customers will be able to achieve three primary outcomes: 1. #### Clientless Zero Trust Access for SaaS Apps You can extend your Zero Trust architecture to unmanaged third-party vendors, contractors, and BYOD employees. Users can securely access critical corporate SaaS applications (such as Microsoft 365, Salesforce, or Workday) through a completely clientless architecture, ensuring the same security guardrails apply to unmanaged endpoints as they do to managed devices. 2. #### Granular Data Exfiltration Prevention and Data Controls for Private Web Apps and SaaS Apps To Prevent corporate data leakage on unmanaged devices, the integration enforces strict data controls directly within the isolated session: Clipboard and Input Control: Restrict actions like cut, copy, paste and printing. File Transfer Restrictions: Block or limit file uploads and downloads. For secure workflows, files can be safely rendered and viewed with the cloud container without ever touching local storage. 3. #### Advanced Zero-Day Threat Protection Because web content executes entirely within an air-gapped cloud environment, malicious scripts, malware, and credential-harvesting threats are neutralized before they ever reach the user's local browser. All isolated traffic undergoes full analysis backed by Cloud-Delivered Security Services (CDSS)---delivering robust threat prevention without taxing the user's local hardware or slowing down their experience. ### **Elevate Your ZTNA Posture Today** By eliminating the complexities of traditional access methods, SAA reduces costs, increases efficiency, and closes the security gaps from unmanaged devices. Secure Agentless Access is now live\*\*.\*\* We invite you to explore how this solution can transform your secure access strategy and provide your extended workforce with the tools they need, exactly when they need them. For details on how to configure SAA, please visit our technical documentation linked [here](https://docs.paloaltonetworks.com/prisma-access/administration/privileged-remote-access). ***Forward-Looking Statements*** ***(unreleased feature only)*** *This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies.* *Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.* *** ** * ** *** ## Related Blogs ### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Bringing Zero Trust SASE to Your Doorstep with SASE Private Location](https://origin-researchcenter.paloaltonetworks.com/blog/sase/bringing-zero-trust-sase-to-your-doorstep-with-sase-private-location/) ### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [#### Revolutionize User Experiences with App Acceleration](https://origin-researchcenter.paloaltonetworks.com/blog/sase/revolutionize-user-experiences-reduce-packet-loss-app-acceleration/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [#### Introducing the Industry's First SD-WAN with Integrated IoT](https://origin-researchcenter.paloaltonetworks.com/blog/sase/introducing-the-industrys-first-sd-wan-with-integrated-iot/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Extending Our SASE Leadership with Next-Gen CASB Innovations](https://origin-researchcenter.paloaltonetworks.com/blog/2022/08/sase-leadership-with-next-gen-casb-innovations/) ### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [#### 3 Common ZTNA Deployment Hurdles and How to Overcome Them](https://origin-researchcenter.paloaltonetworks.com/blog/sase/3-common-ztna-deployment-hurdles-and-how-to-overcome-them/) ### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [#### The Unified SASE Advantage: Top 3 Reasons to Converge SD-WAN \& SSE](https://origin-researchcenter.paloaltonetworks.com/blog/sase/the-unified-sase-advantage-top-3-reasons-to-converge-sd-wan-sse/) ### Subscribe to Sase Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language