Integrate Prisma Cloud with Okta

Prisma Cloud integrates with the Okta identity provider (IdP) to ingest single sign-on (SSO) data for the effective permissions calculation in the IAM Security module. After the integration you can list the effective permissions of your Okta users across your cloud accounts with an IAM query, which gives you better visibility into, and governance over, the identities accessing your cloud resources.
  • Okta integration is only available with a subscription of the IAM Security module. Learn how to get a 30-day free trial.
  • For AWS, Prisma Cloud supports a 1:1 mapping between the Okta app and your AWS account. If you have onboarded more than one AWS account on Prisma Cloud, you must create additional instances of the Okta app and generate API keys for each AWS account for which you want to ingest single sign-on (SSO) data.
  1. Log in to your Okta administrator panel.
    1. Access your Okta tenant. The URL is typically the tenant name as a subdomain of okta.com, for example companyname.okta.com.
    2. Enter your username and password and click Sign In.
    3. Check that you are on the Classic UI view.
  2. Add an administrator role.
    Read Only Administrator is the least privilege the integration needs, because Prisma Cloud only reads SSO data, and the API token you create in the next step inherits the roles of the user who creates it. Grant the role to a dedicated user rather than creating the token as a Super Administrator.
    1. From the top menu navigate to Security > Administrators.
    2. Click Add Administrator.
    3. Select your user under the Grant administrator role to field.
    4. Select Read Only Administrator under the Administrator roles section.
    5. Click Add Administrator.
  3. Generate an API token.
    API tokens are unique identifiers used to authenticate requests to the Okta API. Prisma Cloud needs one to connect to your Okta tenant and ingest the SSO data.
    1. From the top menu navigate to Security > API.
    2. Select Tokens.
    3. Click Create Token and under Grant administrator role select your user.
    4. Enter a name for your token and click Create Token.
    5. Upon successful completion the message Token created successfully displays, along with a generated token associated with the current user. The token value is shown only once, so copy it into a secrets store now and treat it as a credential with that user's Read Only Administrator rights. Okta revokes an API token that has not been used for 30 days, and deactivates it when the user who created it is deactivated; if the integration stops ingesting data, check the token under Security > API > Tokens and re-create it if necessary.
  4. Configure Okta with Prisma Cloud.
    After you generate the API token, use it to connect your Prisma Cloud account to Okta.
    1. In Prisma Cloud navigate to Settings > Integrations.
    2. Click +Add New.
    3. Click Integration Type and select Okta.
    4. Enter a Description.
    5. Enter your Domain, for example companyname.okta.com.
    6. Enter your API Token.
    7. Click Test to verify that Prisma Cloud can authenticate to your Okta tenant with the token.
    8. Click Save.
  5. Run the IAM queries for Okta.
    After Okta is integrated with Prisma Cloud, the IAM queries for Okta return results and give you visibility and governance into your cloud environment.
    1. View all the RQL attributes for Okta. Enter the following RQL query on the Investigate tab:
       config from iam where source.idp
    2. Use auto complete to build your IdP RQL query. Select the attribute that you want to add to your RQL query. For example, if you select source.idp.username, the results return all the Okta users in your cloud environment.
    3. View the results. Click the magnifying glass icon to render the results.
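
Before you enter the token in Prisma Cloud (step 4), it is worth confirming out of band that it works against your tenant and carries no more than the Read Only Administrator role from step 2. The script below is an added example and is not part of the Prisma Cloud or Okta documentation. It calls two Okta endpoints, GET /api/v1/users/me (the user who owns an SSWS API token) and GET /api/v1/users/{id}/roles (that user's admin role assignments), and assumes that a read-only admin may list its own role assignments. The environment variable names OKTA_DOMAIN and OKTA_API_TOKEN and the check_token function are this example's own choices, not Prisma Cloud or Okta settings.

```python
# Added example, not part of the Prisma Cloud or Okta documentation:
# pre-flight check of the Okta API token created in step 3 before it is
# entered in Prisma Cloud in step 4.
#   GET /api/v1/users/me          -> the user who owns the SSWS token
#   GET /api/v1/users/{id}/roles  -> that user's admin role assignments
# Assumptions: the read-only admin may list its own role assignments, and
# the tenant hostname and token arrive in OKTA_DOMAIN / OKTA_API_TOKEN
# (variable names chosen for this example).
import json
import os
import re
import sys
import urllib.error
import urllib.request

# Only a bare Okta org hostname is accepted, so the token is never sent to a
# mistyped or attacker-controlled host.
OKTA_HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9-]+)*"
    r"\.(?:okta\.com|oktapreview\.com|okta-emea\.com)$"
)


def normalize_domain(value):
    """Turn 'https://CompanyName.okta.com/' into 'companyname.okta.com'."""
    host = re.sub(r"^https?://", "", value.strip().lower()).split("/", 1)[0]
    if not OKTA_HOST_RE.match(host):
        raise ValueError(f"not an Okta org hostname: {value!r}")
    if host.split(".", 1)[0].endswith("-admin"):
        # The admin console hostname is not used for API calls.
        raise ValueError("use the org hostname, not the -admin console hostname")
    return host


def okta_get(domain, token, path):
    """GET an Okta API path with SSWS auth; return (HTTP status, JSON body)."""
    req = urllib.request.Request(
        f"https://{domain}{path}",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        # 401: token invalid, revoked or expired; 403: role too low for the path
        body = err.read().decode("utf-8", "replace")
        try:
            return err.code, json.loads(body)
        except ValueError:
            return err.code, {}


def check_token(domain, token, get=okta_get):
    """Report which user the token acts as and whether it is least privilege
    (exactly READ_ONLY_ADMIN). `get` is injectable so the logic can be
    exercised against constructed responses without a tenant."""
    status, me = get(domain, token, "/api/v1/users/me")
    if status == 401:
        raise PermissionError("Okta rejected the token (invalid, revoked or expired)")
    if status != 200:
        raise RuntimeError(f"unexpected HTTP {status} from /api/v1/users/me: {me}")
    status, roles = get(domain, token, f"/api/v1/users/{me['id']}/roles")
    if status != 200:
        raise RuntimeError(f"could not read role assignments: HTTP {status}")
    role_types = sorted({r["type"] for r in roles})
    return {
        "domain": domain,
        "login": me["profile"]["login"],
        "roles": role_types,
        "least_privilege": role_types == ["READ_ONLY_ADMIN"],
    }


def main():
    result = check_token(
        normalize_domain(os.environ["OKTA_DOMAIN"]), os.environ["OKTA_API_TOKEN"]
    )
    print(json.dumps(result, indent=2))
    if not result["least_privilege"]:
        print("token carries more than Read Only Administrator; delete it and "
              "re-create it under a read-only admin user", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it with OKTA_DOMAIN=companyname.okta.com and the token exported in OKTA_API_TOKEN. A 401 on the first call means the token is invalid or has been revoked (for example after 30 days without use), and a role list other than READ_ONLY_ADMIN means the token was created under the wrong user; delete it under Security > API > Tokens and re-create it as the read-only admin before handing it to Prisma Cloud. The script also rejects the companyname-admin.okta.com console hostname, which Okta does not accept for API calls, and any hostname outside the Okta domains, so a pasted URL cannot leak the token to another host.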