Add Administrative Users On Prisma Cloud

Enable administrative access to Prisma Cloud by adding users and assigning one or more roles.
To provide administrative access to Prisma Cloud—admin and API—you must add
users
locally on Prisma Cloud. You can choose whether you want these administrators to use Palo Alto Networks Customer Support Portal (CSP) credentials to log in or SSO using a third-party Identity Service Provider.
If you want to use Palo Alto Networks Customer Support Portal (CSP) credentials, when you add the email address for a user who already has a support account with Palo Alto Networks, they can just log in to Prisma Cloud using the Prisma Cloud URL or from the Prisma Cloud tile on hub.If you Set up SSO Integration on Prisma Cloud with an Identity Service Provider who supports SAML, you can configure Just-in-Time Provisioning (JIT) to create a local account on the fly, instead of creating the account in advance on Prisma Cloud. With JIT, you do not need to manually create a local user account.
The following instructions are for manually adding a local user account on Prisma Cloud.
  1. Select
    Settings
    Users
    and click
    + Add New
    .
    add-new-admin.png
  2. Enter
    First Name
    ,
    Last Name
    , and
    Email
    of the user.
    For a user who has a Palo Alto Networks CSP account, you must enter that the email address that is associated with the CSP account so that they can log in as soon as you save the changes. If the user does not have a CSP account, as soon as you add them here and save your changes, they will receive two emails. One email to activate the CSP account and another email with a link to get started with Prisma Cloud.
  3. Assign Roles
    to the user.
    You can assign up to five roles to a user, and must select one as the
    Default Role
    . See Prisma Cloud Administrator Roles for the different permission groups and associated permissions. Users with multiple roles can use the Profile to switch between roles. The default role is marked with a star.
    profile-role-swticher.png
    The role assumed by the user is tied to policies, saved searches, saved alert filters, and recurring compliance reports that do not have a cloud account selected. These objects are available to any other user who has the same role, and it is not tied to the specific user.
  4. Specify a
    Time Zone
    for the user and click
    Save
    .
  5. Decide whether to
    Allow user to create API Access Keys
    .
    By default, API access is enabled for the System Admin role only. When you add a new administrator, decide whether or not you want to enable API access for the other roles; the key icon in the API Access column indicates that the administrator has API access, and can create up to two access keys per role on Prisma Cloud. See Create and Manage Access Keys for more information.
    add-new-admin-complete.png
  6. After you add an administrator, you can edit or delete the user or modify permissions to add additional roles.
    When you delete an administrator or modify the role, all the access keys associated with the user and role are deleted immediately.
    • To edit the details of an user, click the record and change the details.
    • To disable an user, toggle the
      Status
      of the user.
      manage-users.png
    • To delete an user, hover over the user and click
      Delete
      .

Recommended For You