Integrate Prisma Cloud with GitHub
Prisma Cloud supports OAuth 2.0 as an authentication mechanism.
GitHub users can log into Prisma Cloud Console using GitHub as an OAuth 2.0 provider.
Prisma Cloud supports the authorization code flow only.
Configure GitHub as an OAuth provider
Create an OAuth App in your GitHub organization so that users in the organization can log into Prisma Cloud using GitHub as an OAuth 2.0 provider.
- Log into GitHub as the organization owner.
- Go to Settings > Developer Settings > OAuth Apps, and click New OAuth App (or Register an application if this is your first app).
- In Application name, enter Prisma Cloud.
- In Homepage URL, enter the URL for Prisma Cloud Console in the format https://<CONSOLE>:<PORT>.
- In Authorization callback URL, enter https://<CONSOLE>:<PORT>/api/v1/authenticate/callback/oauth.
- Click Register application.
- Copy the Client ID and Client Secret, and set them aside for setting up the integration with Prisma Cloud.
Integrate Prisma Cloud with GitHub
Set up the integration so that GitHub users from your organization can log into Prisma Cloud.
- Log into Prisma Cloud Console.
- Go to Manage > Authentication > Identity Providers > OAuth 2.0.
- Set Integrate Oauth 2.0 users and groups with Prisma Cloud to Enabled.
- Set Identity provider to GitHub.
- Set Client ID and Client secret to the values you copied from GitHub.
- Set Auth URL to https://github.com/login/oauth/authorize.
- Set Token URL to https://github.com/login/oauth/access_token.
- Click Save.
Prisma Cloud to GitHub user identity mappings
Create a Prisma Cloud user for each GitHub user that should have access to Prisma Cloud.
After the user is authenticated, Prisma Cloud uses the access token to query GitHub for the user’s information (user name, email).
The user information returned from GitHub is compared against the information in the Prisma Cloud Console database to determine if the user is authorized.
If so, a JWT token is returned.
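The flow and the identity mapping described above, as an added example that is not Prisma Cloud's code or part of the original page: it shows why a user who authenticates successfully at GitHub is still refused unless a matching Console user exists. The console host, client ID, code and user names are constructed values, the function names are hypothetical, the case-insensitive match is this example's assumption, and the token exchange and profile lookup (network calls) are left out.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://github.com/login/oauth/authorize"   # value from this page
CALLBACK_PATH = "/api/v1/authenticate/callback/oauth"   # value from this page


def build_authorize_url(console, client_id):
    """Step 1: send the browser to GitHub with a fresh, unguessable state."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": f"https://{console}{CALLBACK_PATH}",
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Step 2: accept the code only if state matches the one we issued."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    # Constant-time comparison; a missing or forged state rejects the callback.
    if not code or not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    return code


def authorize(github_profile, console_users):
    """Step 3: map the GitHub profile to a pre-created Console user, or None."""
    login = github_profile.get("login")  # "login" is the user name field GitHub returns
    if not isinstance(login, str) or not login:
        return None
    for name in console_users:
        # Assumption of this example: compare names case-insensitively.
        if name.casefold() == login.casefold():
            return name
    return None  # authenticated at GitHub, but not authorized here


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    url, state = build_authorize_url("console.example.com:8083", "constructed-client-id")
    cb = f"https://console.example.com:8083{CALLBACK_PATH}?code=constructed-code&state={state}"
    print(parse_callback(cb, state))
    print(authorize({"login": "Octo-Dev"}, {"octo-dev"}))
    print(authorize({"login": "stranger"}, {"octo-dev"}))
```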
- Go to Manage > Authentication > Users.
- Click Add User.
- Set Username to the GitHub user name.
- <