>
    Strata Copilot
    Onboard Enterprise AI Agents
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Administration
    4. Agent Discovery
    5. Onboard Enterprise AI Agents
    Download PDF
    Prisma AIRS

    Onboard Enterprise AI Agents

    Table of Contents

    Onboard Enterprise AI Agents

    Learn how to onboard AI agents for use with Agent Discovery.
    Where Can I Use This?What Do I Need?
    • Prisma AIRS AI Runtime Security
    After configuring the prerequisites for AI Agent Discovery, you’ll need to onboard a cloud account, a process that includes:
    • Onboarding a cloud account.
    • Ensure that the proper permissions for agent discovery are obtained during the onboarding process.

    Onboard an Azure Cloud Account in Strata Cloud Manager

    This section describes how to onboard an Azure cloud account in Strata Cloud Manager. It includes information you'll use to create and download an onboarding Terraform template. When you apply this template in your cloud environment, it generates a service account with sufficient permissions. These permissions enable discovery within your cloud environment, granting access to network flow logs, asset inventory details, and other essential cloud resources.
    See the page Onboard Azure Cloud Account in Strata Cloud Manager for instructions on setting up a new cloud account for AI Agent Discovery.
    When you onboard an Azure cloud account, consider the following:
    • For new accounts, you'll need to onboard a cloud account if one is not present in the tenant.
    • For existing accounts in an enabled state, you need to re-apply the Terraform to provide AI Agent Discovery access for existing onboarded accounts. This process updates the inline discovery permissions. To re-apply the onboarding Terraform, refer to Step 10 (Download Terraform) in Onboard Azure Cloud Account in Strata Cloud Manager:
    • For existing accounts in a disabled state (that is, cloud accounts that are disabled), attempts to re-enable the account results in failed validation. To resolve this issue, download the onboarding Terraform before enabling the account again.

    Onboard an AWS Cloud Account in Strata Cloud Manager

    This section describes how to onboard an AWS cloud account in Strata Cloud Manager. It includes information you'll use to create and download an onboarding Terraform template. When you apply this template in your cloud environment, it generates a service account with sufficient permissions. These permissions enable discovery within your cloud environment, granting access to network flow logs, asset inventory details, and other essential cloud resources.
    See the page Onboard AWS Cloud Account in Strata Cloud Manager for instructions on setting up a new cloud account for AI Agent Discovery.
    When you onboard an AWS cloud account, consider the following:
    • For new accounts, you'll need to onboard a cloud account if one is not present in the tenant.
    • For existing accounts in an enabled state, you need to re-apply the Terraform to provide AI Agent Discovery access for existing onboarded accounts. This process updates the inline discovery permissions. To re-apply the onboarding Terraform, refer to Step 10 (Download Terraform) in Onboard AWS Cloud Account in Strata Cloud Manager:
    • For existing accounts in a disabled state (that is, cloud accounts that are disabled), attempts to re-enable the account results in failed validation. To resolve this issue, download the onboarding Terraform before enabling the account again.

    © 2026 Palo Alto Networks, Inc. All rights reserved.