1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Microsegmentation Administrator's Guide
    5. Concepts
    6. App credentials and tokens

    App credentials and tokens

    App credentials

    Each Microsegmentation Console has its own private certificate authority (CA) capable of issuing X.509 certificates to authorized clients upon request. It uses public-private key cryptography to ensure that private keys never travel the wire. Authorized clients can use X.509 certificates issued by the Microsegmentation Console CA to access the Microsegmentation Console API. We call these app credentials. They allow the client:
    • Access to the authorized namespace and its children
    • Read-write permissions as per Microsegmentation role
    App credentials expire ten years from the date of issuance. They require a mutual TLS connection to the Microsegmentation Console. TLS-intercepting middleboxes must be configured to exclude communications between the client and the Microsegmentation Console.

    Microsegmentation tokens

    The Microsegmentation Console also issues and accepts Microsegmentation tokens (JSON web tokens) for authentication. You can set various restrictions such as limited permissions and short validity to reduce risk from man-in-the-middle attacks.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo