>
    Strata Copilot
    Onboard an Asana App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard an Asana App to SSPM
    Download PDF
    SaaS Security

    Onboard an Asana App to SSPM

    Table of Contents

    Onboard an Asana App to SSPM

    Connect an Asana instance to SSPM to detect posture and account risks.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    For SSPM to detect posture risks in your Asana instance, you must onboard your Asana instance to SSPM. Through the onboarding process, SSPM connects to an Asana API by using an API token that you generate from the Asana admin console. After connecting to the Asana API, SSPM scans your Asana workspace for misconfigured settings and account risks.
    The supported Asana account plans for SSPM scans are the following plans:
    • Enterprise +
    • Legacy Enterprise
    To access your Asana instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    API Token
    A service account token that Asana generates for a service account that you create. The token is an alphanumeric string that SSPM will use to authenticate to the Asana API and leverage the service account's permissions.
    To onboard your Asana instance, you complete the following actions:
    1. Create a service account in Asana and save the service account token.
      An Asana service account is a non-human, programmatic identity that SSPM will use to scan your Asana workspace. When you create a service account, Asana generates and displays a service account token that SSPM will use to access the Asana API. When you create the service account, Asana will display the service account token. Asana will display this token only once, so you will need to copy and save the token so you can provide it to SSPM later.
      1. Open a web browser to the Asana website, and log in as a Super Admin.
        Required Permissions: To create an Asana service account, you must use an account assigned to the Super Admin role. Service accounts are an exclusive feature for organizations on Asana's Enterprise or Enterprise+ plans.
      2. Navigate to the Admin Console in Asana. To navigate to the Admin Console, locate your profile picture in the upper-right corner of the Asana webpage and select <profile-picture> Admin console.
      3. In the left navigation pane, select AppsService Accounts.
      4. On the Service Accounts page, Add service account to configure your service account.
      5. Fill in the fields of Add service account dialog.
        • Specify a Name for the service account. For example, SSPM Service Account.
        • Under Permission scopes, select the option that allows Full permissions.
      6. Save changes to generate the service account token. Copy the service account token and paste it into a text file.
        Don’t continue to the next step unless you have copied the service account token. You must provide this token to SSPM during the onboarding process.
    2. (Optional) Update the expiration period for service account tokens.
      By default, the lifespan for service account tokens in Asana is 10 years. To limit the attack window should the token become compromised, we recommend that you specify that service account tokens should expire after 90 days.
      1. From the left navigation pane in the Admin Console, select AppsService Accounts.
      2. On the App settings page, locate the Token Expiration settings.
      3. For the When should service account tokens expire? setting, select 90 days.
      4. Save changes.
    3. Connect SSPM to your Asana instance.
      In SSPM, complete the following steps to enable SSPM to connect to your Asana instance.
      1. Log in to Strata Cloud Manager.
      2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Asana tile.
      3. On the Posture Security tab, Add New instance.
      4. Log in with Credentials.
      5. Enter your API token (service account token) and Connect.

    © 2026 Palo Alto Networks, Inc. All rights reserved.