Focus

Prisma Cloud Compute Edition Administrator’s Guide

Integrate Prisma Cloud with GitHub

Table of Contents

Integrate Prisma Cloud with GitHub

Prisma Cloud supports OAuth 2.0 as an authentication mechanism. GitHub users can log into Prisma Cloud Console using GitHub as an OAuth 2.0 provider.

Prisma Cloud supports the authorization code flow only.

A CA certificate configured in Manage > Authentication > System certificates > Certificate-based authentication to Console
is not supported in GitHub.

Configure Github as an OAuth provider

Create an OAuth App in your GitHub organization so that users in the organization can log into Prisma Cloud using GitHub as an OAuth 2.0 provider.

Log into GitHub as the organization owner.

Go to Settings > Developer Settings > OAuth Apps
, and click New OAuth App
(or Register an application
if this is your first app).

In Application name
, enter Prisma Cloud
.

In Homepage URL
, enter the URL for Prisma Cloud Console in the format https://<CONSOLE>:<PORT>.

In Authorization callback URL
, enter https://<CONSOLE>:<PORT>/api/v1/authenticate/callback/oauth.

Click Register application
.

Copy the Client ID
and Client Secret
, and set them aside setting up the integration with Prisma Cloud.

Integrate Prisma Cloud with GitHub

Set up the integration so that GitHub users from your organization can log into Prisma Cloud.

Log into Prisma Cloud Console.

Go to Manage > Authentication > Identity Providers > OAuth 2.0
.

Set Integrate Oauth 2.0 users and groups with Prisma Cloud
to Enabled
.

Set Identity provider
to GitHub
.

Set Client ID
and Client secret
to the values you copied from GitHub.

Set Auth URL
to https://github.com/login/oauth/authorize
.

Set Token URL
to https://github.com/login/oauth/access_token
.

Click Save
.

Prisma Cloud to GitHub user identity mappings

Create a Prisma Cloud user for each GitHub user that should have access to Prisma Cloud.

After the user is authenticated, Prisma Cloud uses the access token to query GitHub for the user’s information (user name, email). The user information returned from GitHub is compared against the information in the Prisma Cloud Console database to determine if the user is authorized. If so, a JWT token is returned.

Go to Manage > Authentication > Users
.

Click Add User
.

Set Username
to the GitHub user name.

Set Auth method
to OAuth
.

Select a role for the user.

Click Save
.

Test logging into Prisma Cloud Console.

Logout of Prisma Cloud.

On the login page, select OAuth
, and then click Login
.

Authorize the Prisma Cloud OAuth App to sign you in.

Prisma Cloud group to GitHub organization mappings

Use groups to streamline how Prisma Cloud roles are assigned to users. When you use groups to assign roles, you don’t have to create individual Prisma Cloud accounts for each user.

Groups can be associated and authenticated with by multiple identity providers.

Go to Manage > Authentication > Groups
.

Click Add Group
.

In Name
, enter the GitHub organization.

In Authentication method
, select External Providers
.

In Authentication Providers
, select OAuth group
.

Select a role for the members of the organization.

Click Save
.

Test logging into Prisma Cloud Console.

Logout of Prisma Cloud.

On the login page, select OAuth
, and then click Login
.

Authorize the Prisma Cloud OAuth App to sign you in.

Integrate with Windows Server 2016 & 2012r2 Active Directory Federation Services (ADFS) via SAML 2.0 federation

Integrate Prisma Cloud with OpenShift

Prisma Cloud Compute Edition Administrator’s Guide

Integrate Prisma Cloud with GitHub

Integrate Prisma Cloud with GitHub

Configure Github as an OAuth provider

Integrate Prisma Cloud with GitHub

Prisma Cloud to GitHub user identity mappings

Prisma Cloud group to GitHub organization mappings

Recommended For You