Set up Just-in-Time Provisioning on Okta

Configure SSO with Just-in-time Provisioning on Okta.
To successfully set up local administrators on the fly with Just-in-Time (JIT) provisioning, you need to configure the Prisma Cloud app for Okta to provide the SAML claims or assertions that enable Prisma Cloud to add the authenticated SSO user on Prisma Cloud. Then, to ensure that the SSO user has the correct access privileges on Prisma Cloud, you need to assign a Prisma Cloud role to the user; if this role is not a default role on Prisma Cloud, you must define the role before you assign the role to the user on Okta.
  1. Create the Prisma Cloud App for Okta.
    If you have not already created the SAML app for Prisma Cloud on Okta, see Steps 2 and 3 in Set up SSO Integration on Prisma Cloud.
  2. For JIT, create a custom attribute on the Prisma Cloud Okta app.
    1. Go to Profile Editor.
    2. Find the Prisma Cloud app and select , and Add Attribute.
      Enter a display name, a variable name, and an attribute length that is long enough to accommodate the role names on Prisma Cloud.
  3. Configure the Attribute Statements on the Prisma Cloud Okta app.
    Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account.
    1. Select
    2. Select the Prisma Cloud app, and edit the SAML Settings to add the attribute statements.
      You must provide the email, role, first name, and last name for each user. Timezone is optional.
  4. Assign the Prisma Cloud role for each SSO user.
    Each SSO user who is granted access to Prisma Cloud can have between one and five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud.
    1. Select
    2. Select the Prisma Cloud app and Assignments.
      For existing users, click the pencil icon to add the Prisma Cloud Role you want to give this user. For example, System Admin.
      For new users, select Assign to People, click for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user.
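
A pre-deployment check for steps 3 and 4, added here as an example and not taken from the Prisma Cloud or Okta documentation: it parses the attribute statements of a test SAML assertion and reports missing required claims or more than five roles. The attribute names (`email`, `role`, `firstName`, `lastName`), the sample assertion, and the way multiple roles are encoded are assumptions; the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed claim names; substitute the names set in your Attribute Statements.
REQUIRED = ("email", "role", "firstName", "lastName")
MAX_ROLES = 5  # the page allows one to five roles per SSO user

# Constructed sample of the attribute portion of a SAML assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="email">
   <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="role">
   <saml:AttributeValue>System Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName">
   <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName">
   <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        for value in attr.iterfind("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            if text:
                attrs.setdefault(attr.get("Name"), []).append(text)
    return attrs


def check_jit_claims(assertion_xml):
    """List what would stop JIT from creating the user with a valid role set."""
    attrs = read_attributes(assertion_xml)
    problems = [f"missing or empty attribute: {n}" for n in REQUIRED if not attrs.get(n)]
    # Assumption: several roles arrive as separate values or comma-separated.
    roles = [r.strip() for v in attrs.get("role", []) for r in v.split(",") if r.strip()]
    if len(roles) > MAX_ROLES:
        problems.append(f"{len(roles)} roles sent, at most {MAX_ROLES} allowed")
    return problems


if __name__ == "__main__":
    print(check_jit_claims(SAMPLE_ASSERTION) or "all JIT claims present")
```

Run it against an assertion captured from a test sign-in before assigning the app to real users, since the role claim decides the privileges the new account receives.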
