Configure SSO with Just-in-Time Provisioning on Okta.
To successfully set up local administrators
on the fly with Just-in-Time (JIT) provisioning, you need to configure
the Prisma Cloud app for Okta to provide the SAML claims or assertions
that enable Prisma Cloud to add the authenticated SSO user on Prisma
Cloud. Then, to ensure that the SSO user has the correct access
privileges on Prisma Cloud, you need to assign a Prisma Cloud role
to the user; if this role is not a default role on Prisma Cloud,
you must define the role before you assign it to the user.
For JIT, create a custom attribute on the Prisma Cloud
Find the Prisma Cloud app and select
Enter a display
name, a variable name, and an attribute length that is long enough
to accommodate the role names on Prisma Cloud.
the Prisma Cloud Okta app.
Specify the user attributes in the SAML assertion or claim
that Prisma Cloud can use to create the local user account.
Select the Prisma Cloud app,
to add the attribute
You must provide the email, role, first name, and
last name for each user. Timezone is optional.
Assign the Prisma Cloud role for each SSO user.
Each SSO user who is granted access to Prisma Cloud can have
between one and five Prisma Cloud roles assigned. Each role determines
the permissions and account groups that the user can access on Prisma
Select the Prisma Cloud app and Assignments.
users, click the pencil icon to add the Prisma Cloud Role you want
to give this user. For example, System Admin.
For new users,
the user you want to give access to Prisma Cloud and define the
Prisma Cloud Role you want to give this user.
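
Before rolling JIT out to users, it helps to confirm that the assertion Okta sends carries every required claim and no more than five roles. The following is an added example, not code from Prisma Cloud or Okta; the attribute names (`email`, `role`, `firstname`, `lastname`) and the use of one `AttributeValue` per role are assumptions, so substitute the names and encoding configured in your own Okta app. It checks claim completeness only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; substitute the names defined in your Okta app.
REQUIRED = ("email", "role", "firstname", "lastname")
MAX_ROLES = 5  # the page allows between one and five roles per SSO user


def read_attributes(assertion_xml):
    """Map each SAML attribute name to its list of non-empty values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_jit_claims(assertion_xml):
    """Return a list of problems; an empty list means the claims are complete."""
    attrs = read_attributes(assertion_xml)
    problems = [f"missing or empty attribute: {name}"
                for name in REQUIRED if not attrs.get(name)]
    roles = attrs.get("role", [])
    if len(roles) > MAX_ROLES:
        problems.append(f"{len(roles)} roles sent, limit is {MAX_ROLES}")
    return problems


def build_assertion(attrs):
    """Build a constructed, unsigned assertion fragment (sample data only)."""
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")


# Constructed samples: one complete user, one with six roles and no last name.
GOOD = build_assertion({"email": ["alice@example.com"], "role": ["System Admin"],
                        "firstname": ["Alice"], "lastname": ["Ng"]})
BAD = build_assertion({"email": ["bob@example.com"], "firstname": ["Bob"],
                       "role": [f"Role {i}" for i in range(1, 7)], "lastname": [""]})

if __name__ == "__main__":
    for label, xml in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_jit_claims(xml) or "ok")
```

To check a real configuration, pass `check_jit_claims` the decoded assertion XML captured from a test login to your own tenant.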