Set up Just-in-Time Provisioning on Okta

Create the Prisma Cloud App for Okta.
If you have not already created the SAML app for Prisma Cloud on Okta, see steps 2 and 3 in Set up SSO Integration on Prisma Cloud.
For JIT provisioning of the user, create a custom attribute on the Prisma Cloud Okta app.
If you need to add custom mandatory fields, follow these steps.
Go to
Directory
Profile Editor
<apps>
.

Replace
<apps>
with the Prisma Cloud application that you want to add the custom attribute to. For example,
app.stage User
is a Prisma Cloud app.
After you found the Prisma Cloud app, select
Profile
, and
Add Attribute
.

Select a
data type
and enter a
display name
,
variable name
, and an
attribute length
that is long enough to accommodate the role names on Prisma Cloud.
If you have multiple roles, select
data type
string array
so that you will have an array, or group of strings to represent your role names in Prisma Cloud.
Save
the new attribute.
Verify that the role has been added.
After you saved the new attribute you should see it display in the Okta UI as a table with its associated data. In this example,
PrismaCloudRole
is the display name of the new attribute.

Configure the
Attribute Statements
on the Prisma Cloud Okta app.
Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account.
Select
Applications
Applications
.
Select the Prisma Cloud
<app>
,
General
and click
Edit
under the
SAML Settings
heading to add the attribute statements.
Replace
<app>
with the name of the Prisma Cloud app you want to configure the attribute statements for. You must provide the
email
,
role
,
first
, and
last
name for each user.

The attribute statement names should map to the values that you have in
Settings
Access Control
SSO
Just in Time (JIT) Provisioning
.
Assign the Prisma Cloud role for each SSO user.
Each SSO user who is granted access to Prisma Cloud, can have between one to five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud.
Select

Applications

Applications

Select the Prisma Cloud app and Assignments.

For existing users, click the pencil icon to add the Prisma Cloud Role you want to give this user. For example, System Admin.



For new users, select

Assign

Assign to People

, click

Assign

for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user.


Continue with Set up Okta SSO on Prisma Cloud.