Add Administrative Users On Prisma Cloud

Enable administrative access to Prisma Cloud by adding users and assigning one or more roles.
To provide administrative access to Prisma Cloud—admin and API—you must add
locally on Prisma Cloud. You can choose whether you want these administrators to use Palo Alto Networks Customer Support Portal (CSP) credentials to log in or SSO using a third-party Identity Service Provider.
If you want to use Palo Alto Networks Customer Support Portal (CSP) credentials, when you add the email address for a user who already has a support account with Palo Alto Networks, they can just log in to Prisma Cloud using the Prisma Cloud URL or from the Prisma Cloud tile on hub.If you Set up SSO Integration on Prisma Cloud with an Identity Service Provider who supports SAML, you can configure Just-in-Time Provisioning (JIT) to create a local account on the fly, instead of creating the account in advance on Prisma Cloud. With JIT, you do not need to manually create a local user account.
The following instructions are for manually adding a local user account on Prisma Cloud.
  1. Select
    and click
    + Add New
  2. Enter
    First Name
    Last Name
    , and
    of the user.
    For a user who has a Palo Alto Networks CSP account, you must enter the email address that is associated with the CSP account so that they can log in as soon as you save the changes. If the user does not have a CSP account, as soon as you add them here and save your changes, they will receive two emails. One email to activate the CSP account and another email with a link to get started with Prisma Cloud.
  3. Assign Roles
    to the user.
    You can assign up to fifty roles to a user, and must select one as the
    Default Role
    . See Prisma Cloud Administrator Roles for the different permission groups and associated permissions. Users with multiple roles can use the Profile to switch between roles. The default role is marked with a star.
    The role assumed by the user is tied to policies, saved searches, saved alert filters, and recurring compliance reports that do not have a cloud account selected. These objects are available to any other user who has the same role, and it is not tied to the specific user.
  4. Specify a
    Time Zone
    for the user and click
  5. Decide whether to
    Allow user to create API Access Keys
    By default, API access is enabled for the System Admin role only. When you add a new administrator, decide whether or not you want to enable API access for the other roles; the key icon in the API Access column indicates that the administrator has API access, and can create up to two access keys per role on Prisma Cloud. See Create and Manage Access Keys for more information.
  6. After you add an administrator, you can edit or delete the user or modify permissions to add additional roles.
    When you delete an administrator or modify the role, all the access keys associated with the user and role are deleted immediately.
    • To edit the details of an user, click the record and change the details.
    • To disable an user, toggle the
      of the user.
    • To delete an user, hover over the user and click
  7. Change the password for an administrative user.
    If you want to set a new password to periodically change it or if you are unable to log in because you forgot your password. As a security measure, if you enter an incorrect password five times, your account is locked and you must reset your password.
    1. Access the URL for your Prisma Cloud instance.
    2. Click the
      Forgot password
      You will receive an email at the registered email address (Step 2 above). Use the link in the email to set a new password.

Recommended For You