Integrate Prisma Cloud with Okta
Prisma Cloud integrates with the identity provider (IdP) service known as Okta to ingest single sign-on (SSO) data for the effective permissions calculation in the IAM Security module. After the integration, you will be able to list the effective permissions of your Okta users across your cloud accounts by using the IAM query and gain better visibility and governance into the entities accessing your cloud resources.
- Okta integration is only available with a subscription of the IAM Security module. Learn how to get a 30-day free trial.
- For AWS, Prisma Cloud supports a 1:1 mapping between the Okta app and your AWS account. If you have onboarded more than one AWS account on Prisma Cloud, you must create additional instances of the Okta app and generate API keys for each AWS account for which you want to ingest single sign-on (SSO) data.
- Log in to your Okta administrator panel.
- Access your Okta tenant.The typical URL is the tenant name as a sub domain followed byokta.com. For example:companyname.okta.com.
- Enter yourusernameandpasswordandSign In.
- Check that you are on theClassic UIview.
- Add an administrator role.
- From the top menu navigate to .
- ClickAdd Administrator.
- Select your user under theGrant administrator role tofield.
- SelectRead Only Administratorunder theAdministrator rolessection.
- ClickAdd Administrator.
- Generate an API token.API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data.
- From the top menu navigate to .
- SelectTokens.
- ClickCreate Tokenand underGrant administrator roleselect your user.
- Enter a name for your token and clickCreate Token.
- Upon successful completion the messageToken created successfullywill display, along with a generated token that is associated with the current user.
- Configure Okta with Prisma Cloud.After you generate the API token, you can use it to connect your Prisma Cloud account to Okta.
- In Prisma Cloud navigate to .
- Click+Add New.
- ClickIntegration Typeand selectOkta.
- Enter yourDescription.
- Enter yourDomain.
- Enter yourAPI Token.
- ClickTestto verify that the integration was successful.
- ClickSave.
- Run the IAM queries for Okta.After Okta is integrated with Prisma Cloud, you will now be able to see the results of the IAM queries for Okta and gain visibility and governance into your cloud environment.
- View all the RQL attributes for Okta.Enter the following RQL query on theInvestigatetab.config from iam where source.idp
- Use auto complete to build your idp RQL query.Select the attribute that you want to add to your RQL query. For example, if you selectsource.idp.username, then the results will return all the Okta users in your cloud environment.
- View the results.Click the magnifying glass icon to render the results.
