Integrate with Active Directory

Prisma Cloud can integrate with Active Directory (AD), an enterprise identity directory service.
If your AD environment uses alternative UPN suffixes (also referred to as explicit UPNs), see Non-default UPN suffixes to understand how to use them with Prisma Cloud.
LDAP group names are case sensitive in Prisma Cloud.
With AD integration, you can reuse the identities and groups centrally defined in Active Directory, and extend your organization’s access control policy to manage the data users can see and the things they can do in the Prisma Cloud Console.
For more information about Prisma Cloud’s built-in roles, see User Roles.

Configuration options

The following configuration options are available:
| Configuration option | Description |
|---|---|
| Enabled | Enables or disables integration with Active Directory. In Console, use the slider to enable (ON) or disable (OFF) integration with AD. By default, integration with AD is disabled. |
| URL | Specifies the path to your LDAP server, such as an Active Directory Domain Controller. The format for the LDAP server path is <PROTOCOL>://<HOST>:<PORT>, where <PROTOCOL> can be ldap or ldaps. For an Active Directory Global Catalog server, use ldap. For performance and redundancy, use a load balanced path. Example: ldap://ldapserver.example.com:3268 |
| Search Base | Specifies the search query base path for retrieving users from the directory. Example: dc=example,dc=com |
| User identifier | User name format when authenticating: sAMAccountName = DOMAIN\sAMAccountName; userPrincipalName = user@ad.example.com. The Active Directory domain name must be provided when using sAMAccountName due to domain trust behavior. |
| Account UPN | Specifies the username for the Prisma Cloud service account that has been set up to query Active Directory. Specify the username with the User Principal Name (UPN) format: <USERNAME>@<DOMAIN> |
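The checks below are an added example, not Prisma Cloud code: they validate the settings above before they are entered in Console (URL protocol and port, search base DN shape, the two user identifier formats, the service account UPN, and the case-sensitive group name comparison). All sample values are constructed for illustration.

```python
"""Pre-flight checks for the Prisma Cloud AD integration settings (added example)."""
import re
from urllib.parse import urlparse

GLOBAL_CATALOG_LDAP_PORT = 3268  # the page's example uses 3268 for a GC server


def check_ldap_url(url):
    """Return a list of problems with a <PROTOCOL>://<HOST>:<PORT> server path."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme not in ("ldap", "ldaps"):
        problems.append(f"protocol must be ldap or ldaps, got {parsed.scheme!r}")
    if not parsed.hostname:
        problems.append("missing host")
    try:
        port = parsed.port
    except ValueError:
        port = None
        problems.append("port is not numeric")
    if port is None:
        problems.append("missing port")
    elif parsed.scheme == "ldaps" and port == GLOBAL_CATALOG_LDAP_PORT:
        # Global Catalog queries are documented above as ldap, not ldaps
        problems.append("Global Catalog server should be used with ldap")
    return problems


def check_search_base(base):
    """Search base must be a DN such as dc=example,dc=com."""
    return re.fullmatch(r"\w+=[^,]+(,\w+=[^,]+)*", base) is not None


def bind_identity(identifier_type, user, domain=None):
    """Build the name sent to AD for the configured User identifier."""
    if identifier_type == "sAMAccountName":
        if not domain:  # domain is mandatory with sAMAccountName (domain trusts)
            raise ValueError("Active Directory domain name is required")
        return f"{domain}\\{user}"
    if identifier_type == "userPrincipalName":
        if "@" not in user:
            raise ValueError("userPrincipalName must look like user@ad.example.com")
        return user
    raise ValueError(f"unknown identifier type {identifier_type!r}")


def check_account_upn(upn):
    """Service account must be given as <USERNAME>@<DOMAIN>, not DOMAIN\\user."""
    return re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", upn) is not None


def group_matches(configured, from_directory):
    """LDAP group names are case sensitive in Prisma Cloud: exact match only."""
    return configured == from_directory
```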