Integrate Prisma Cloud with Okta

Prisma Cloud integrates with Okta, an identity provider (IdP) service, to ingest single sign-on (SSO) data for the effective permissions calculation in the IAM Security module. After the integration, you can list the effective permissions of your Okta users across your cloud accounts by using the IAM query, and gain better visibility into and governance of the entities accessing your cloud resources.
  • Okta integration is only available with a subscription of the IAM Security module. Learn how to get a 30-day free trial.
  • For AWS, Prisma Cloud supports a 1:1 mapping between the Okta app and your AWS account. If you have onboarded more than one AWS account on Prisma Cloud, you must create additional instances of the Okta app and generate API keys for each AWS account for which you want to ingest single sign-on (SSO) data.
  1. Log in to your Okta administrator panel.
    1. Access your Okta tenant.
      The typical URL is the tenant name as a subdomain followed by
      . For example:
    2. Enter your
      Sign In
    3. Check that you are on the Classic UI.
  2. Add an administrator role.
    1. From the top menu navigate to
    2. Click Add Administrator.
    3. Select your user under the
      Grant administrator role to
    4. Select Read Only Administrator under the Administrator roles.
    5. Click Add Administrator.
  3. Generate an API token.
    API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data.
    1. From the top menu navigate to
    2. Select
    3. Click Create Token and under Grant administrator role select your user.
    4. Enter a name for your token and click Create Token.
    5. Upon successful completion, the message Token created successfully will display, along with a generated token that is associated with the current user.
  4. Configure Okta with Prisma Cloud.
    After you generate the API token, you can use it to connect your Prisma Cloud account to Okta.
    1. In Prisma Cloud navigate to
    2. Click +Add New.
    3. Click
      Integration Type
      and select
    4. Enter your
    5. Enter your
    6. Enter your API Token.
    7. Click
      to verify that the integration was successful.
    8. Click
  5. Run the IAM queries for Okta.
    After Okta is integrated with Prisma Cloud, you can see the results of the IAM queries for Okta and gain visibility into and governance of your cloud environment.
    1. View all the RQL attributes for Okta.
      Enter the following RQL query on the
      config from iam where source.idp
    2. Use autocomplete to build your IdP RQL query.
      Select the attribute that you want to add to your RQL query. For example, if you select
      , then the results will return all the Okta users in your cloud environment.
    3. View the results.
      Click the magnifying glass icon to render the results.