Prisma Cloud Compute Edition Administrator’s Guide
    : Logging into Prisma Cloud
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Authentication
    6. Logging into Prisma Cloud
    Download PDF

    Prisma Cloud Compute Edition Administrator’s Guide

    Logging into Prisma Cloud

    Table of Contents

    Logging into Prisma Cloud

    Prisma Cloud Console supports multiple authentication methods. Check with your administrator to see how sign-in has been implemented for your organization, then choose the appropriate method from the drop-down list.
    The options are:
    • Local/ LDAP
       — Users are evaluated against Console’s database before the LDAP database. By default, initial admin users are created in Console’s local database, so choose this option when you’re logging in with your first user. If you integrate with a central identity provider, you can always delete the initial admin user, so that all users authenticate in compliance with your organization’s policy (e.g., 2FA).
      If the same username exists in both databases, it’s not possible to login with the LDAP user.
    • SAML
       — Security Assertion Markup Language (SAML) is an open standard that enables single sign-on. Prisma Cloud supports all standard SAML 2.0 providers.
    • OAuth
       — Prisma Cloud currently supports GitHub and OpenShift for OAuth login. For the OAuth login flow, Prisma Cloud gets permission from the user to query their information (username and email) from GitHub or OpenShift, and then checks the local database to determine if the user is authorized to access Prisma Cloud Console. If so, Prisma Cloud issues a token to the user to access Console.
    • OpenID Connect
       — OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. Prisma Cloud supports all standard OpenID Connect providers.

    Login flow

    If you integrate Prisma Cloud with an identity provider (IdP), the user’s identity is verified by the IdP, and the role is mapped in Prisma Cloud Console.
    If you don’t want to integrate with an IdP, Prisma Cloud lets you create "local" users and groups, where the Console itself both authenticates and authorizes users.

    Direct login URL

    Direct login URLs are supported for SAML, OAuth and OIDC. When you use the direct login URL, the client doesn’t need the extra step of selecting an auth provider from the Prisma Cloud login page.
    Set type in the direct login URL:
    https://<CONSOLE>:<PORT>/api/v1/authenticate/identity-redirect-url?type=<oauth/oidc/saml>&redirect=true

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.