Configure SSO with Just-in-Time Provisioning on Okta.
To successfully set up local administrators
on the fly with Just-in-Time (JIT) provisioning, you need to configure
the Prisma Cloud app for Okta to provide the SAML claims or assertions
that enable Prisma Cloud to add the authenticated SSO user on Prisma
Cloud. Then, to ensure that the SSO user has the correct access
privileges on Prisma Cloud, you need to assign a Prisma Cloud role
to the user; if this role is not a default role on Prisma Cloud,
you must define the role before you assign the role to the user
on Okta. A typical use case is a user who must be provisioned
just in time because the user does not yet exist in Prisma Cloud.
For JIT provisioning of the user, create a custom attribute
on the Prisma Cloud Okta app.
If you need to add custom mandatory fields, follow these steps.
the Prisma Cloud application that you want to add the custom attribute
to. For example,
is a Prisma
After you find the Prisma Cloud app, select
and enter a
, and an
that is long enough to accommodate the role names
on Prisma Cloud.
If you have multiple roles, select
that you will have an array, or group of strings, to represent your
role names in Prisma Cloud.
the new attribute.
Verify that the role has been added.
After you save the new attribute, it is displayed
in the Okta UI as a table with its associated data. In this example,
the display name of the new attribute.
on the Prisma Cloud
Specify the user attributes in the SAML assertion or claim
that Prisma Cloud can use to create the local user account.
Select the Prisma Cloud
to add the attribute statements.
the name of the Prisma Cloud app you want to configure the attribute
statements for. You must provide the
name for each user.
attribute statement names should map to the values that you have
in Time (JIT) Provisioning
Assign the Prisma Cloud role for each SSO user.
Each SSO user who is granted access to Prisma Cloud can have
between one and five Prisma Cloud roles assigned. Each role determines
the permissions and account groups that the user can access on Prisma
Select the Prisma Cloud app and Assignments.
users, click the pencil icon to add the Prisma Cloud Role you want
to give this user. For example, System Admin.
the user you want to give access to Prisma Cloud and define the
Prisma Cloud Role you want to give this user.
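
The following check is an added example, not part of the original procedure or of Okta or Prisma Cloud tooling. It inspects the attribute statements of a captured test assertion and reports role values that would break JIT provisioning: no role sent, more than five roles, or a role not yet defined on Prisma Cloud. The attribute name prismaCloudRole, the role name Cloud Auditor, the exact-match comparison of role names, and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_ROLES = 5  # the page allows between one and five roles per SSO user

# Constructed sample of the attribute part of an assertion. The attribute name
# "prismaCloudRole" and the role "Cloud Auditor" are assumptions for this example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="prismaCloudRole">
      <saml:AttributeValue>System Admin</saml:AttributeValue>
      <saml:AttributeValue>Cloud Auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def role_values(assertion_xml, role_attr):
    """Return every value of the multi-valued role attribute, in order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{NS['saml']}}}Attribute"):
        if attr.get("Name") == role_attr:
            values += [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return values


def check_roles(assertion_xml, role_attr, defined_roles):
    """List problems that would leave a JIT-provisioned user with wrong access.

    Configuration check only: it does not verify the assertion signature.
    Role names are compared exactly (an assumption of this example).
    """
    roles = role_values(assertion_xml, role_attr)
    problems = []
    if not roles:
        problems.append(f"no values for attribute {role_attr!r}")
    if len(roles) > MAX_ROLES:
        problems.append(f"{len(roles)} roles sent, limit is {MAX_ROLES}")
    for role in roles:
        if role not in defined_roles:
            problems.append(f"role not defined on Prisma Cloud: {role!r}")
    return problems


if __name__ == "__main__":
    defined = {"System Admin"}  # roles that already exist on Prisma Cloud
    for line in check_roles(SAMPLE_ASSERTION, "prismaCloudRole", defined):
        print("FAIL:", line)
```

Run it against an assertion captured from a test login before enabling JIT for production users, passing the role attribute name you configured and the set of roles that exist on your Prisma Cloud tenant.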