Register an App on Azure Active Directory
Create an app registration (service principal) on Azure portal so that you can manually onboard your Azure AD tenant or subscription to Prisma Cloud.
Register a new application using Azure Active Directory (Azure AD) so that you can manually connect your Azure AD tenant or subscriptions to Prisma™ Cloud and monitor it for security vulnerabilities and ensure compliance.
- Register an app on Azure Active Directory (Azure AD).To register an app on Azure AD, ensure that you have access to the following prerequisites:
- A Prisma Cloud tenant with permissions to onboard a cloud account.
- Access to Azure portal with the permissions to:
- Create an app registration (service principal).
- Create a custom role.
- Assign IAM roles at the tenant root level.
- Assign GraphAPI permissions at the tenant level.
- Grant admin consent for Azure AD Graph APIs.
- Follow the instructions in the Azure Cloud Account Onboarding Checklist to elevate access for a Global Administrator.
- Register a new app.
- Log in to Azure portal.
- Select.Azure Active DirectoryApp registrations+ New registration
- Enter the application name.
- Select the supported account types.You have the options of choosing from single tenant, multitenant, multitenant and personal Microsoft accounts, or personal Microsoft accounts only.
- Optional—Enter the Redirect URI.The authentication response of the app will be returned to this URI.
- CopyApplication (client) IDandDirectory (tenant) IDto a secure location on your computer. You will later enter these details into the Prisma Cloud UI.
- Create the client secret.The client secret is a secret string that the application uses to prove its identity when requesting a token.
Make sure that you copyValueand notSecret ID.
- Select.Certificates & secrets+ New client secret
- Enter a clientDescription, selectExpiresto configure how long the client secret lasts, andAdd.
- CopyValueto a secure location.
- Get the Object ID.
- Select, and search for the app you previously created in the search box.Azure Active DirectoryEnterprise applications
- CopyObject IDto a secure location on your computer.Make sure that you get theObject IDfor the Prisma Cloud application fromon the Azure portal—not fromEnterprise ApplicationsAll applicationsApp Registrations.
- Add roles to the root group.The following roles should be added to the root group:
- Reader and Data Access
- Network Contributor
- Storage Account Contributor
- To add these roles, clickHomeunder header to get back to azure portal.
- Add role assignment.
- Select.Management groupsTenant Root Group(your azure subscription)Access control (IAM)Role assignments+ AddAdd role assignment
- Search by role—Enter the name of the role you want to search for in the search box—for example—reader. Click on the role name in the results, and thenNext.
- Select members—ModifyAssign access toto assign the role to aUser, group, or service principal—or—Managed identity. Click+Select membersand then type in the name of the app you previously created in the search box to assign the role to your app. ClickSelectand thenNext.
- ClickReview + assign.
- Repeat these steps to add theReader and Data Access,Network Contributor, andStorage Account Contributorroles.
- Verify that all the roles have been added.
- SelectRole assignments.
- Enter the name of your app in the search form and view the roles that have been added.
- Add the Microsoft Graph APIs.
- Navigate to the app you previously registered.Select, and select your app.Azure Active DirectoryApp registrations
- Navigate to Microsoft Graph.Select.API permissions+ Add a permissionMicrosoft GraphApplication permissions
- Add the permissions.Enter the permission name inSelect permissions, and select the name fromPermission.Add the following permissions:
- Grant admin consent for Default Directory.
- Select.Grant admin consent for Default DirectoryYes
- Verify that the permissions are granted.You should see green check marks under theStatuscolumn.
Recommended For You
Recommended videos not found.