Integrate Prisma Cloud with Okta
Prisma Cloud Enterprise Edition
Prisma Cloud integrates with the identity provider (IdP) service known as Okta to ingest single sign-on (SSO) data for the effective permissions calculation in the IAM Security module. After the integration, you will be able to list the effective permissions of your Okta users across your cloud accounts by using the IAM query and gain better visibility and governance into the entities accessing your cloud resources.
- Okta integration is only available with a subscription of the IAM Security module. Learn how to get a 30-day free trial.
- For AWS, Prisma Cloud supports a 1:1 mapping between the Okta app and your AWS account. If you have onboarded more than one AWS account on Prisma Cloud, you must create additional instances of the Okta app and generate API keys for each AWS account for which you want to ingest single sign-on (SSO) data.
- Log in to your Okta administrator panel.
  - Access your Okta tenant. The typical URL is the tenant name as a subdomain followed by okta.com. For example: companyname.okta.com.
  - Enter your username and password and Sign In.
  - Check that you are on the Classic UI view.
- Add an administrator role.
  - From the top menu, navigate to Security > Administrators.
  - Click Add Administrator.
  - Select your user under the Grant administrator role to field.
  - Select Read Only Administrator under the Administrator roles section.
  - Click Add Administrator.
- Generate an API token. API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data.
  - From the top menu, navigate to Security > API.
  - Select Tokens.
  - Click Create Token and under Grant administrator role select your user.
  - Enter a name for your token and click Create Token.
  - Upon successful completion, the message Token created successfully will display, along with a generated token that is associated with the current user.
- Configure Okta with Prisma Cloud. After you generate the API token, you can use it to connect your Prisma Cloud account to Okta.
  - In Prisma Cloud, navigate to Settings > Integrations.
  - Click +Add New.
  - Click Integration Type and select Okta.
  - Enter your Description.
  - Enter your Domain.
  - Enter your API Token.
  - Click Test to verify that the integration was successful.
  - Click Save.
- Run the IAM queries for Okta. After Okta is integrated with Prisma Cloud, you will now be able to see the results of the IAM queries for Okta and gain visibility and governance into your cloud environment.
  - View all the RQL attributes for Okta. Enter the following RQL query on the Investigate tab: config from iam where source.idp
  - Use auto complete to build your idp RQL query. Select the attribute that you want to add to your RQL query. For example, if you select source.idp.username, then the results will return all the Okta users in your cloud environment.
  - View the results. Click the magnifying glass icon to render the results.
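An added check, not part of the Prisma Cloud or Okta documentation: because the generated token is associated with the user who created it, this sketch builds Okta's role-listing request for that user and flags any active role other than Read Only Administrator. The user ID, token value and sample response are constructed placeholders, and the host check accepts only the typical tenant.okta.com form described above.

```python
import json
import re
import urllib.parse
import urllib.request

# Role type the page asks you to grant; anything else widens the token.
ALLOWED_ROLE_TYPES = {"READ_ONLY_ADMIN"}
# Matches only the "typical" tenant form the page describes (assumption).
TENANT_RE = re.compile(r"[a-z0-9][a-z0-9-]*\.okta\.com")


def build_roles_request(domain, user_id, token):
    """Build (not send) GET /api/v1/users/{id}/roles for the token owner."""
    if not TENANT_RE.fullmatch(domain.lower()):
        raise ValueError("expected a bare tenant host such as companyname.okta.com")
    url = "https://%s/api/v1/users/%s/roles" % (
        domain.lower(), urllib.parse.quote(user_id, safe=""))
    return urllib.request.Request(url, headers={
        "Authorization": "SSWS " + token,  # Okta API token scheme
        "Accept": "application/json",
    })


def excess_roles(roles_json):
    """Return active role types beyond Read Only Administrator, sorted."""
    roles = json.loads(roles_json)
    return sorted({r["type"] for r in roles
                   if r.get("status") == "ACTIVE"
                   and r["type"] not in ALLOWED_ROLE_TYPES})


# Constructed sample response: the user also holds Super Administrator.
SAMPLE_ROLES = json.dumps([
    {"id": "ra1-constructed", "type": "READ_ONLY_ADMIN", "status": "ACTIVE"},
    {"id": "ra2-constructed", "type": "SUPER_ADMIN", "status": "ACTIVE"},
])

if __name__ == "__main__":
    req = build_roles_request("companyname.okta.com", "00u-placeholder", "PLACEHOLDER")
    print(req.get_method(), req.full_url)
    extra = excess_roles(SAMPLE_ROLES)
    print("over-privileged:" if extra else "read-only:", extra)
```

A non-empty result means the token stored in Prisma Cloud carries more than read-only access; create the token from a dedicated user that holds only the Read Only Administrator role.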