Integrate with Active Directory
Prisma Cloud can integrate with Active Directory (AD), an enterprise identity directory service.
If your AD environment uses alternative UPN suffixes (also referred to as explicit UPNs), see Non-default UPN suffixes to understand how to use them with Prisma Cloud.
LDAP group names are case sensitive in Prisma Cloud.
With AD integration, you can reuse the identities and groups centrally defined in Active Directory, and extend your organization’s access control policy to manage the data users can see and the things they can do in the Prisma Cloud Console.
For more information about Prisma Cloud’s built-in roles, see User Roles.
Configuration options
The following configuration options are available:
Configuration option | Description |
---|---|
Enabled | Enables or disables integration with Active Directory. In Console, use the slider to enable (ON) or disable (OFF) integration with AD. By default, integration with AD is disabled. |
URL | Specifies the path to your LDAP server, such as an Active Directory Domain Controller. The format for the LDAP server path is <PROTOCOL>://<HOST>:<PORT>, where <PROTOCOL> can be ldap or ldaps. For an Active Directory Global Catalog server, use ldap. For performance and redundancy, use a load balanced path. Example: ldap://ldapserver.example.com:3268 |
Search Base | Specifies the search query base path for retrieving users from the directory. Example: dc=example,dc=com |
User identifier | Username format used when authenticating: sAMAccountName (entered as DOMAIN\sAMAccountName) or userPrincipalName (entered as user@ad.example.com). The Active Directory domain name must be provided when using sAMAccountName because of domain trust behavior. |
Account UPN | Specifies the username for the Prisma Cloud service account that has been set up to query Active Directory. Specify the username in User Principal Name (UPN) format: <USERNAME>@<DOMAIN>. Example: twistlock_service@example.com |
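The following is an added example, not Prisma Cloud code: it checks the URL, Search Base, User identifier and Account UPN values from the table above before they are entered in Console, builds the logon name each identifier format expects, and flags the case mismatches in LDAP group names that otherwise show up only as denied access. The function names and the sample values are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Account UPN must be <USERNAME>@<DOMAIN>; backslashes and spaces are rejected.
UPN_RE = re.compile(r"^[^@\\/\s]+@[A-Za-z0-9.-]+$")
# Each relative DN of the search base must look like attr=value (e.g. dc=example).
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def validate_ldap_url(url):
    """Return a list of problems with a <PROTOCOL>://<HOST>:<PORT> server path."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        problems.append("protocol must be ldap or ldaps")
    if not parts.hostname:
        problems.append("host is missing")
    try:
        if parts.port is None:
            problems.append("port is missing")
    except ValueError:
        problems.append("port is not a number")
    if parts.path or parts.query or parts.fragment:
        problems.append("only protocol, host and port are allowed")
    return problems


def validate_search_base(base):
    """Return the components of a search base that are not of the form attr=value."""
    return [rdn for rdn in base.split(",") if not RDN_RE.match(rdn.strip())]


def validate_account_upn(upn):
    """True when the service account is written in <USERNAME>@<DOMAIN> form."""
    return UPN_RE.match(upn) is not None


def bind_name(identifier_format, user, domain):
    """Build the logon name the configured User identifier format expects."""
    if identifier_format == "sAMAccountName":
        return f"{domain}\\{user}"      # DOMAIN\sAMAccountName (domain is required)
    if identifier_format == "userPrincipalName":
        return f"{user}@{domain}"       # user@ad.example.com
    raise ValueError(f"unknown identifier format: {identifier_format}")


def group_matches(configured, directory_group):
    """Compare group names case-sensitively, as Prisma Cloud does for LDAP groups.
    Returns 'match', 'case-mismatch' (a common cause of denied access) or 'no-match'."""
    if configured == directory_group:
        return "match"
    if configured.lower() == directory_group.lower():
        return "case-mismatch"
    return "no-match"
```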