Integrate Prisma Cloud with GitHub

Prisma Cloud supports OAuth 2.0 as an authentication mechanism. GitHub users can log into Prisma Cloud Console using GitHub as an OAuth 2.0 provider.
Prisma Cloud supports the authorization code flow only.

Configure GitHub as an OAuth provider

Create an OAuth App in your GitHub organization so that users in the organization can log into Prisma Cloud using GitHub as an OAuth 2.0 provider.
  1. Log into GitHub as the organization owner.
  2. Go to Settings > Developer Settings > OAuth Apps, and click New OAuth App (or Register an application if this is your first app).
  3. In Application name, enter Prisma Cloud.
  4. In Homepage URL, enter the URL for Prisma Cloud Console in the format https://<CONSOLE>:<PORT>.
  5. In Authorization callback URL, enter https://<CONSOLE>:<PORT>/api/v1/authenticate/callback/oauth.
  6. Click Register application.
  7. Copy the Client ID and Client Secret, and set them aside for setting up the integration with Prisma Cloud.

Integrate Prisma Cloud with GitHub

Set up the integration so that GitHub users from your organization can log into Prisma Cloud.
  1. Log into Prisma Cloud Console.
  2. Go to Manage > Authentication > Identity Providers > OAuth 2.0.
  3. Set Integrate Oauth 2.0 users and groups with Prisma Cloud to Enabled.
  4. Set Identity provider to GitHub.
  5. Set Client ID and Client secret to the values you copied from GitHub.
  6. Set Auth URL to https://github.com/login/oauth/authorize.
  7. Set Token URL to https://github.com/login/oauth/access_token.
  8. Click Save.
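
A pre-flight check for the values entered in the two procedures above, as an added example that is not part of the Prisma Cloud documentation. The dictionary keys and the console.example.com:8083 address are assumptions made for the illustration; the expected URLs and callback path are the ones given in the steps.

```python
from urllib.parse import urlsplit

# Fixed values taken from the steps above.
GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"
GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"
CALLBACK_PATH = "/api/v1/authenticate/callback/oauth"


def check_oauth_settings(cfg):
    """Return a list of problems in a dict of integration settings.

    Keys (homepage_url, callback_url, auth_url, token_url) are names
    chosen for this example, not Prisma Cloud or GitHub field names.
    """
    problems = []
    # Copy/paste whitespace is a common cause of a mismatched URL.
    for key, value in cfg.items():
        if value != value.strip():
            problems.append(f"{key}: leading or trailing whitespace")
    home = urlsplit(cfg["homepage_url"].strip())
    cb = urlsplit(cfg["callback_url"].strip())
    for key, url in (("homepage_url", home), ("callback_url", cb)):
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key}: expected https://<CONSOLE>:<PORT>")
    # The callback must point at the same Console host and port.
    if home.netloc.lower() != cb.netloc.lower():
        problems.append("callback_url: host or port differs from homepage_url")
    if cb.path != CALLBACK_PATH or cb.query or cb.fragment:
        problems.append(f"callback_url: path must be exactly {CALLBACK_PATH}")
    if cfg["auth_url"].strip() != GITHUB_AUTH_URL:
        problems.append(f"auth_url: expected {GITHUB_AUTH_URL}")
    if cfg["token_url"].strip() != GITHUB_TOKEN_URL:
        problems.append(f"token_url: expected {GITHUB_TOKEN_URL}")
    return problems


# Constructed sample settings; the Console address is a placeholder.
GOOD = {
    "homepage_url": "https://console.example.com:8083",
    "callback_url": "https://console.example.com:8083" + CALLBACK_PATH,
    "auth_url": GITHUB_AUTH_URL,
    "token_url": GITHUB_TOKEN_URL,
}
BAD = dict(GOOD, auth_url=GITHUB_AUTH_URL + " ", token_url=GITHUB_AUTH_URL,
           callback_url="http://console.example.com" + CALLBACK_PATH + "/")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_oauth_settings(cfg) or "ok")
```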

Prisma Cloud to GitHub user identity mappings

Create a Prisma Cloud user for each GitHub user that should have access to Prisma Cloud.
After the user is authenticated, Prisma Cloud uses the access token to query GitHub for the user’s information (user name, email). The user information returned from GitHub is compared against the information in the Prisma Cloud Console database to determine if the user is authorized. If so, a JWT token is returned.
  1. Go to Manage > Authentication > Users.
  2. Click Add User.
  3. Set Username to the GitHub user name.
  4. Set Auth method to OAuth.
  5. Select a role for the user.
  6. Click Save.
  7. Test logging into Prisma Cloud Console.
    1. Log out of Prisma Cloud.
    2. On the login page, select OAuth, and then click Login.
    3. Authorize the Prisma Cloud OAuth App to sign you in.

Prisma Cloud group to GitHub organization mappings

Use groups to streamline how Prisma Cloud roles are assigned to users. When you use groups to assign roles, you don’t have to create individual Prisma Cloud accounts for each user.
Groups can be associated with, and authenticated by, multiple identity providers.
  1. Go to Manage > Authentication > Groups.
  2. Click Add Group.
  3. In Name, enter the GitHub organization.
  4. In Authentication method, select External Providers.
  5. In Authentication Providers, select OAuth group.
  6. Select a role for the members of the organization.
  7. Click Save.
  8. Test logging into Prisma Cloud Console.
    1. Log out of Prisma Cloud.
    2. On the login page, select OAuth, and then click Login.
    3. Authorize the Prisma Cloud OAuth App to sign you in.
