Set up Just-in-Time Provisioning on OneLogin

Configure SSO with Just-in-time Provisioning on OneLogin.
To set up local administrators on the fly with Just-in-Time (JIT) provisioning, you configure the Prisma Cloud app for OneLogin to send SAML responses that carry the attributes Prisma Cloud needs to add the authenticated SSO user. Then, to ensure that the SSO user has the correct access privileges on Prisma Cloud, you assign a Prisma Cloud role to the user; if this role is not a default role on Prisma Cloud, you must define the role on Prisma Cloud before you assign it to the user in OneLogin.
  1. Create the Prisma Cloud app for OneLogin.
    If you have not already created the SAML app for Prisma Cloud on OneLogin, see Setup OneLogin SSO on Prisma Cloud.
  2. For JIT, create a custom role in OneLogin.
    1. Log in to OneLogin as an Administrator and select Administration.
    2. Navigate to Users > Roles.
    3. Click New Role.
    4. Enter a Name for the role. The role name must match a role available on Prisma Cloud, for example System Admin.
    5. Click the checkmark to register the role name and select the application to which this role will be made available.
    6. Click Save.
  3. Add users to a role.
    1. In OneLogin, select Administration.
    2. Navigate to Users > Roles and select the role to which you want to add the users.
    3. Click Users and use the automatic (filter-based) or manual option to add users to the role.
  4. Configure the JIT attributes on the Prisma Cloud OneLogin app.
    1. In OneLogin, select Administration.
    2. Click Applications and select the app you created as the application to modify, for example Prisma Trial.
    3. Select Parameters and click + to add a new parameter.
    4. Enter a Field name and select the appropriate flags. For example, for Roles, also select Multi-value parameter.
    5. Click Save.
    6. Based on the field name you entered, select the correct attribute from the drop-down.
    7. Make sure to configure all the attributes required by Prisma Cloud for each user: email, role, first name, and last name.
  5. Enable JIT.
    1. Log in to Prisma Cloud and select Settings > SSO.
    2. Under Just in Time (JIT) Provisioning, select Enable JIT Provisioning.
    3. Enter the values of the attributes. These are the attribute (field) names you configured in Step 4.
    4. Click Save to enable JIT provisioning for SSO users.
  6. Validate JIT.
    1. Log in to the OneLogin portal as a user who is not yet provisioned in Prisma Cloud. Make sure all the attributes, including the Prisma Cloud specific role, have been configured for this user.
    2. Click the Prisma app from the dashboard to log in directly to the Prisma Cloud instance.
    3. Log in to Prisma Cloud as an Administrator and select Settings > Users to validate that the user is provisioned.
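As an added example that is not part of the Prisma Cloud or OneLogin documentation, the following Python parses the AttributeStatement of a SAML assertion and checks that every attribute JIT provisioning requires (email, first name, last name, role) is present, treating role as the multi-value parameter from Step 4. The field names in ATTRIBUTE_MAP and the sample assertion are constructed placeholders; substitute the names you configured in OneLogin and entered on Prisma Cloud in Step 5.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Prisma Cloud JIT field -> OneLogin parameter field name (assumed names;
# use the ones you configured in Step 4 and entered in Step 5).
ATTRIBUTE_MAP = {"email": "email", "first_name": "firstName",
                 "last_name": "lastName", "roles": "role"}  # role is multi-value

# Constructed sample of the AttributeStatement the OneLogin app would send
# for a user assigned the "System Admin" role.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>System Admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_attributes(assertion_xml):
    """Return {attribute name: [values]} from the AttributeStatement.
    Call this only on an assertion whose signature has already been verified;
    these values drive account creation, so unsigned input must be rejected."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return attrs


def check_jit_attributes(assertion_xml, mapping=ATTRIBUTE_MAP):
    """Map SAML attributes onto the JIT fields Prisma Cloud requires.
    Returns (fields, problems): roles as a list, other fields as str;
    problems names attributes that are missing, empty or wrongly multi-valued."""
    attrs = parse_attributes(assertion_xml)
    fields, problems = {}, []
    for field, name in mapping.items():
        values = [v for v in attrs.get(name, []) if v.strip()]
        if not values:
            problems.append(f"missing attribute '{name}' for {field}")
        elif field == "roles":
            fields[field] = values  # Multi-value parameter in OneLogin
        elif len(values) > 1:
            problems.append(f"attribute '{name}' for {field} must be single-valued")
        else:
            fields[field] = values[0]
    return fields, problems
```

A non-empty problems list is the kind of gap that makes the validation in Step 6 fail, since Prisma Cloud cannot create the user without every required attribute.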
