Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Parallels® Browser Isolation is a remote browser isolation (RBI) solution that provides secure access to websites and web applications. By using Parallels Browser Isolation, you can create a list of allowed web resources, configure access by using granular policies, and see usage statistics.
Parallels Browser Isolation consists of two services:
Parallels Browser Isolation Management Portal for managing users and resources
Parallels Browser Isolation User Portal for accessing resources
This guide explains how to use Parallels Browser Isolation Management Portal.
To start working with Parallels Browser Isolation, follow the steps below:
Parallels Browser Isolation supports several types of licenses. You can purchase a license for a specific duration and number of users.
The user license is consumed dynamically when the end user signs in to Parallels Browser Isolation User Portal to access the resources. The license seat is persistently assigned to the named user. This provides the user the ability to access the resources from any device.
The differences between various types of licenses are explained below.
| Type | User seats | Billing | Support |
|---|---|---|---|
This type of license allows customers to use Parallels Browser Isolation to provide access to resources to their end users. The maximum number of end users allowed to access resources is based on the number of user seats specified in the license and available for the duration of the contract.
The SPLA (Service Provider License Agreement) is designed for service providers and Independent Software Vendors (ISVs) offering Parallels DaaS to their customers. It allows you to pay for licenses based on the number of seats that you make available to your customers each billing period.
This type of license allows you to use Parallels Browser Isolation for free for a short period of time.
When you are invited to Parallels Browser Isolation, you will receive an invitation email containing a license key, a link to Parallels Browser Isolation sign-in page, and instructions on activating the license key in Parallels My Account.
To sign in:
Sign in to Parallels My Account ().
On the Home page, click the Register a License Key button. You might be prompted to enter business information if you do not yet have a business account.
In the License Key field, specify the license key you received in the invitation email. Provide an optional description of the key in the Display name field.
Click Register.
Click Dashboard on the top of the page.
On the Parallels Browser Isolation card, click Initial Configuration. You will be redirected to Parallels Browser Isolation
Next, you need to .
Subscription (pre-paid)
Specified in the subscription
Prepaid per year
Included
Subscription (post-paid) - SPLA
Unlimited
1 year auto-renewing
Included
Trial (Free)
15 users
Free (7 days)
Included
Follow one of the links below to learn how to configure your IdP:
Next, you need to configure Parallels Browser Isolation.
This release contains optimizations of the underlying infrastructure, with no updates or changes to the product interface, features, or functionality.
Ability to upload domains in bulk when creating policies and secure web applications.
Added the Overview section to the Insights category. This section shows a dashboard with key metrics on sessions, users, policies, and applications.
Added usage-based Metrics (SPLA) Subscription.
Several bug fixes and improvements to stability.
All Release notes: https://kb.parallels.com/en/130068.
To configure Parallels Browser Isolation for the first time:
Read Cloud Solution Agreement, and if you agree to it, click Accept.
On the Configure Domain & IdP card, click IdP Configuration. The Configuration category will open.
In the Domain Configuration section, enter your organization's domain in the Domain field.
In the IdP Configuration section, do the following:
In the OpenID configuration URL field, specify the URL of the discovery document of your OpenID Connect provider.
In the Client ID field, specify your client ID for connecting to the identity provider. For Auth0, the format of the Client ID is https://<Domain_Name>/.well-known/openid-configuration.
In the Client secret field, specify the secret for connecting to the identity provider.
In the Username claim name field, specify the ID token that holds the username claim name:
For Entra ID, specify preferred_username
For Auth0, specify name
In the Group claim name field, specify the ID token that holds the group claim name.
Click the Test Configuration button to make sure that the specified settings are correct.
Click Save. The Overview category will open.
In the Users field, specify the email (UPN) of the user you want to add as an administrator and click Add. The email must be exactly the same as that used in your IdP. Do this multiple times if you want to add several users.
In the Groups field, specify the group you want to add as an administrator group and click Add. The group name must be exactly the same as that used in your IdP. Do this multiple times if you want to add several groups.
Click Save. The Overview category will open.
On the Access Admin Portal card, click Admin Sign In. You will be redirected to Parallels Browser Isolation Management Portal.
Next, you need to add users and groups that will access you applications.
Applications are resources that your users can access in Paralles Browser Isolation.
To add an application:
Navigate to the Application category.
Click the Add Application button.
Parallels Browser Isolation supports two types of applications:
Secure browser: An instance of secure browser. You can create several instances for different users and groups and configure different policies for them.
Web application: A standalone web application.
Depending on the type of application you want to add, click either Add Secure Browser or Add Secure Web Application.
Configure the application settings:
Name: The name of the application.
(Optional) Description: The description of the application.
(Optional) Icon: The application icon.
Start URL: Depends on the type of application. For secure browser instances, this is the URL of the home page. For the web application, this is the URL of the application.
(Web applications only) Allowed domain: Additional domains that can be accessed from the application, for example, IdP login pages. You can add several domains simultaneously by clicking the Add from File button and selecting a .csv file with the list of domains.
Users: Users who can access the application.
Groups: User groups that can access this application.
(Optional) Apply policies: Policies that apply to the application.
Click Save.
Navigate to the card with the application that you want to publish and click the Publish Application switch.
Next, you need to add policies.
To let users access applications, you need to add them to Parallels Browser Isolation.
To add a user to Parallels Browser Isolation:
Navigate to the User Management category.
Select Users.
Click Add.
Specify the name of the user exactly as it is configured in the IdP.
Click Add.
To add a group to Parallels Browser Isolation:
Navigate to the User Management category.
Select Groups.
Click the Add button.
Specify the name of the group exactly as it is configured in the IdP.
Click Add to add the group to Parallels Browser Isolation.
Next, you need to add applications.
Policies allow you to configure things like access to resources, blocked domains, user experience, and so on.
To add a policy:
Navigate to the Policies category.
Click Add.
Configure the general policy settings:
Name: The name of the policy.
(Optional) Description: The description of the policy.
Configure settings in the Profile section. This section allows you to create an isolation profile based on users, groups, locations, time zones, and so on.
(Optional) Users: Users affected by this policy. Find the user in the Users drop-down menu and click the Add button to the right. Added users will appear in the list below.
(Optional) Groups: User groups affected by this policy. Find the group in the Groups drop-down menu and click the Add button to the right. Added groups will appear in the list below.
(Optional) Active Hours: The time period when the policy will be active.
(Optional) Location: Locations where the users are affected by this policy. Find the location in the Country drop-down menu and the Add button to the right. Added locations will appear in the list below.
Configure settings in the Security controls section. This section allows you to configure specific use cases or features like preventing uploading or downloading, restricting printing, or blocking an URL.
(Optional) Policy features: Features that are restricted under the policy.
(Optional) End user experience: The indicator that shows that the application is running inside Parallels Browser Isolation.
(Optional) Restrict domains: The URLs that are blocked under the policy. Specify the domain you want to block in the Block domain field and click the Add button to the right. Added URLs will appear in the list below. You can add several domains simultaneously by clicking the Add from File button and selecting a .csv file with the list of domains.
Click Save.
To apply the policy to an application, navigate to the category and edit the application accordingly. You can see the list of applications the policy is applied to in the Usage section of the policy settings.
Now your users can access all published resources using Parallels Web Client.
The Get started section contains buttons for , and .
The Policies category allows you to create and manage policies. Policies control things such as user access, scheduling, URL filtering, and much more.
To add a policy:
Navigate to the Policies category.
Click Add.
Configure the general policy settings:
Name: The name of the policy.
(Optional) Description: The description of the policy.
Configure settings in the Profile section. This section allows you to create an isolation profile based on users, groups, locations, time zones, and so on.
(Optional) Users: Users affected by this policy. Find the user in the Users drop-down menu and click the Add button to the right. Added users will appear in the list below.
(Optional) Groups: User groups affected by this policy. Find the group in the Groups drop-down menu and click the Add button to the right. Added groups will appear in the list below.
(Optional) Active Hours: The time period when the policy will be active.
(Optional) Location: Locations where the users are affected by this policy. Find the location in the Country drop-down menu and the Add button to the right. Added locations will appear in the list below.
Configure settings in the Security controls section. This section allows you to configure specific use cases or features like preventing uploading or downloading, restricting printing, or blocking an URL.
(Optional) Policy features: Features that are restricted under the policy.
(Optional) End user experience: The indicator that shows that the application is running inside Parallels Browser Isolation.
(Optional) Restrict domains: The URLs that are blocked under the policy. Specify the domain you want to block in the Block domain field and click the Add button to the right. Added URLs will appear in the list below. You can add several domains simultaneously by clicking the Add from File button and selecting a .csv file with the list of domains.
Click Save.
To apply the policy to an application, navigate to the Applications category and edit the application accordingly. You can see the list of applications the policy is applied to in the Usage section of the policy settings.
Note: If you add or edit a policy for an application that is currently in use, it will not take effect immediately. For the new policy to load, the users will need to close all tabs of the application, wait for five seconds, and open the application again.
To edit a policy:
Navigate to the Policies category.
Click the meatball icon (three vertical dots) in the rightmost column and select Edit.
Edit the policy as desired.
Click Save.
Note: If you add or edit a policy for an application that is currently in use, it will not take effect immediately. For the new policy to load, the users will need to close all tabs of the application, wait for five seconds, and open the application again.
To view policy information:
Navigate to the Policies category.
Click on the policy. A side pane with information opens.
To remove a policy:
Navigate to the Policies category.
Click the meatball icon (three vertical dots) in the rightmost column and select Remove.
In the dialog that appears, click Remove.
The Applications category allows you to add applications that users can work with.
To add an application:
Navigate to the Application category.
Click the Add Application button.
Parallels Browser Isolation supports two types of applications:
Secure browser: An instance of secure browser. You can create several instances for different users and groups and configure different policies for them.
Web application: A standalone web application.
Depending on the type of application you want to add, click either Add Secure Browser or Add Secure Web Application.
Configure the application settings:
Name: The name of the application.
(Optional) Description: The description of the application.
(Optional) Icon: The application icon.
Start URL: Depends on the type of application. For secure browser instances, this is the URL of the home page. For the web application, this is the URL of the application.
Users: Users who can access the application.
Groups: User groups that can access this application.
(Optional) Apply policies: Policies that apply to the application.
Click Add.
Instead of adding allowed domains manually and uploading a .csv file, you can add domains to the allowed domain list by browsing an application.
To add allowed domains by browsing a web application:
Navigate to the Application category.
Select the application that you want to edit.
Click Edit.
In the Domains section, click Discover.
A new dialog will open the page specified in the application's Start URL field. Navigate through the pages of the web application that access other domains and click Next.
In the dialog that opens, select the domains that you want to add to the allowed domains list and click Update.
To edit application settings:
Navigate to the Application category.
Click Edit and change the settings.
Click Save.
You can also edit application settings by clicking the application card and then clicking the Edit button in the side drawer.
To view application settings:
Navigate to the Application category.
Navigate to the card with the application that you want to view.
Do one of the following:
Click the card.
You can also view application settings by clicking on an application card.
To remove an application:
Navigate to the Application category.
Click Delete.
You can also delete an application by clicking the application card and then clicking the Delete button in the side drawer.
The Insights category allows you to inspect current and historical usage statistics.
The Overview category shows key metrics on sessions, users, policies, and applications.
You can change the period for which Parallels Desktop Browser Isolation displays the data by clicking the drop-down menu in the top-right corner.
This category contains the following reports:
Isolated Browser Sessions: The number of user sessions.
Top 5 Most Visited Domains: The domains that users visited the most.
Top 5 Web Apps Used: The apps that users opened the most.
Top 5 Violations: The restricted actions that users performed the most.
Top 5 Users with Security Controls Encounters: The users who performed restricted actions the most.
Top 5 Regions: The regions with the most users.
You can download the reports from the Overview category in the XLSX format by clicking the Menu button (...) and selecting Download.
The Live reports category shows current usage statistics.
The User Events category shows historical events related to user activity.
The User Events category shows historical events related to administrator activity. You can click on an event to see the request and response information.
(Web applications only) Domains: Additional domains that can be accessed from the application, for example, IdP login pages. You can add several domains simultaneously by clicking the Add from File button and selecting a .csv file with the list of domains. In addition to that, you can .
Navigate to the card with the application that you want to edit and click the three dots button ( ).
Navigate to the card with the application that you want to edit and click the three dots button ( ).
Click the three dots button ( ) and click View.
Navigate to the card with the application that you want to delete and click the three dots button ( ).
If you have comments or suggestions, we encourage you to send us feedback.
To send feedback from Parallels Browser Isolation Management Portal:
Click the "person" icon in the top-right corner.
From the menu that opens, select Provide Feedback.
Add your feedback and click Send.
The User Managment category allows you to add users and groups that exist in the IdP to Parallels Browser Isolation as well as assign the administrator role to these users and groups. After adding users and groups, you can assign policies and applications to them.
To add a user to Parallels Browser Isolation:
Navigate to the User Management category.
Select Users.
Click Add.
Specify the name of the user exactly as it is configured in the IdP.
Click Add.
Note: Adding users and groups to Parallels Browser Isolation does not create new users in your IdP.
To remove a user from Parallels Browser Isolation:
Navigate to the User Management category.
Select Users.
Click the meatball icon in the rightmost column and select Remove.
In the dialog that appears, click Remove.
Note: Removing users from Parallels Browser Isolation does not delete users from your IdP.
To add a group to Parallels Browser Isolation:
Navigate to the User Management category.
Select Groups.
Click the Add button.
Specify the name of the group exactly as it is configured in the IdP.
Click Add to add the group to Parallels Browser Isolation.
Note: Adding groups to Parallels Browser Isolation does not create new groups in your IdP.
To remove a group from Parallels Browser Isolation:
Navigate to the User Management category.
Select Groups.
Click the meatball icon (three vertical dots) in the rightmost column and select Remove.
In the dialog that appears, click Remove.
Note: Removing groups from Parallels Browser Isolation does not delete groups from your IdP.
Administrator role allows a user or a group to access Parallels Browser Isolation Management portal.
To assign an administrator role to a user or group:
Navigate to the User Management category.
Select Administrators.
In either Users or Groups field, specify the name of the user or group exactly as it is configured in the IdP. Added users and groups will appear in the list below.
Log in to the Google Cloud Console at https://console.cloud.google.com/.
At the top of the page, click Select a Project or New Project.
In the left menu (or under Quick access on the page), click on APIs & Services, then OAuth consent screen.
In the User Type section, select Internal.
Fill in Application name and Support email fields, and click Save and Continue.
Add email, profile, and openid.
Click the Create credentials button, and select OAuth client ID.
Fill in the details below and click Create.
Application Type: Web application
Name: [Name of you application]
Authorized redirect URIs: https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
This is the Parallels Browser Isolation redirect URL.
In the dialog that appears, copy the Client ID and Client Secret or download the JSON file.
Once the above steps are completed, copy the values which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
Use this page to build and configure your OKTA OIDC
On your Okta admin dashboard, go to Applications > Applications.
Select Create App Integration.
In the Sign-in method section, select OIDC - OpenID Connect.
In the Application type section, select Web Application. Click Next.
Enter a name for the application as relevant to your organization. For example, Acme Inc.
In the Sign-in redirect URIs field, specify https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
On the General tab, copy the Client ID and Client secret.
Once the above steps are completed, copy the values from OKTA which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
Log in to .
Navigate to Getting started and click Create Application.
Do one of the following:
If you don't have any specific requirements for your environment, select either Single Web Page Applications or Regular Web Applications.
If you know that your environment requires a specific type of application, select that type.
Click Create.
Select the Settings tab and copy the values of Client ID and Client Secret.
In the Allowed Callback URLs field, specify https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
Select the Endpoints tab in the Advanced settings section and copy the value of the OpenID Configuration field.
In the left pane, navigate to Users under User Management.
Navigate to Create Users and click Create User.
Add the email and password of the user.
(Optional) Verify the user's email:
Click the three dots button.
In Details, go to email and verify the email.
Once the above steps are completed, copy the values from which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
Log in to the Microsoft Azure portal .
Open the portal menu and select Microsoft Entra ID.
On the left pane, select App registrations.
Click New registration (at the top of the right pane). The Register an application blade opens.
In the Name field, type the name you want to use for the application.
Select an appropriate account type.
In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URIs:
https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
Click Register (at the bottom left).
If you are not on the application page anymore, navigate to it from the Home page by selecting Microsoft Entra ID > App registration and then clicking the app in the right pane.
In the left pane, click Certificates & secrets.
In the right pane, click New client secret.
Type a client name and select a desired expiration option.
Click Add. The new client secret appears in the Client secrets list.
Warning: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.
Select your application and on the left pane, select Token configuration.
Click Add groups claim.
Select an appropriate group type.
Click Add.
Click Add optional claim.
In the Token type section, select ID.
Select preferred_username.
Click Add.
Select your application and on the left pane, select API permissions.
Click Add a permission.
Click the Microsoft Graph card.
Click the Delegated permissions card.
Open the Group section.
Select the following permissions:
Group.Read.All
Click Add permissions.
Click Grant admin consent for...
Confirm you want to grant admin consent by clicking Yes.
Select your application and on the left pane, select Overview.
Save the following information for use in the Parallels Browser Isolation Management Portal setup:
Application (client) ID
Click the Endpoints button.
Save the value of the OpenID Connect metadata document field for use in the Parallels Browser Isolation Management Portal setup.
Make sure to securely store the client secret and other sensitive information.
Once the above steps are completed, copy the values from Entra ID which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
| Settings | Value | Details |
|---|---|---|
| Settings | Value | Details |
|---|
| Settings | Value | Details |
|---|
| Settings | Value | Details |
|---|
Domain
Ex: acme.com or parallels.com or <yourorgdomain.com>
The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]
Discovery URL
Copy this value from Google's IDP Settings. It should follow the format specified in the Value Column
Client ID
******************
Copy this value from Google's IDP Settings
Client Secret
******************
Copy this value from Google's IDP Settings
Username Claim Name
For more info visit; https://developers.google.com/identity/openid-connect/openid-connect
Groups Claim Name
groups
For more info visit; https://developers.google.com/identity/openid-connect/openid-connect
Domain | Ex: acme.com or parallels.com or <yourorgdomain> | The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com] |
Discovery URL | Copy this value from OKTA's IDP Settings. It should follow the format specified in the Value Column |
Client ID | ****************** | Copy this value from OKTA's IDP Settings |
Client Secret | ****************** | Copy this value from OKTA's IDP Settings |
Username Claim Name |
Groups Claim Name |
Domain | Ex: acme.com or parallels.com or <yourorgdomain.com> | The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com] |
Discovery URL | Copy this value from Auth0 IDP Settings. It should follow the format specified in the Value Column |
Client ID | ****************** | Copy this value from Auth0 IDP Settings |
Client Secret | ****************** | Copy this value from Auth0 IDP Settings |
Username Claim Name | For more info visit; |
Groups Claim Name | groups | For more info visit; |
Domain | Ex: acme.com or parallels.com or <yourorgdomain.com> | The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com] |
Discovery URL | https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration | Copy this value from MS Entra ID, IdP Settings. It should follow the format specified in the Value Column |
Client ID | ****************** | Copy this value from MS Entra's IdP Settings |
Client Secret | ****************** | Copy this value from MS Entra's IdP Settings |
Username Claim Name | For more info visit; |
Groups Claim Name | groups |
For more info visit;
For more info visit;
For more info visit;
