Integrate Prisma Cloud with Okta

Learn how to integrate Okta with Prisma Cloud so that you can see the permissions of users across your cloud accounts and increase your visibility.
Prisma Cloud integrates with the identity provider (IdP) service Okta to ingest single sign-on (SSO) data for the effective permissions calculation in the IAM Security module. After a short integration, you will be able to list the effective permissions of your Okta users across your cloud accounts by using the IAM query and gain better visibility and governance into the entities accessing your cloud resources. You will now be able to use the enhanced functionality of RQL to get important answers to your most pressing identity management questions, such as "Did this Okta user create an IAM user?" This answer highlights potential back doors into your cloud environment, which helps you mitigate security breaches.
Okta integration is only available with a subscription of the IAM Security module. Learn how to get a 30-day free trial.
  1. Log in to your Okta administrator panel.
    1. Point your browser to your Okta tenant.
      The typical URL for organizations is the tenant name as a subdomain followed by okta.com, for example companyname.okta.com.
    2. Enter your username and password.
    3. Click Sign In.
    4. Check that you are on the Classic UI view.
  2. Add an administrator role.
    1. From the top menu navigate to Security > Administrators.
    2. Click Add Administrator.
    3. Select your user under the Grant administrator role to field.
    4. Select Read Only Administrator under the Administrator roles section.
    5. Click Add Administrator.
  3. Generate an API token.
    API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data.
    1. From the top menu navigate to Security > API.
    2. Select Tokens.
    3. Click Create Token and under Grant administrator role select your user.
    4. Enter a name for your token and click Create Token.
    5. Upon successful completion the message Token created successfully will display, along with a generated token that is associated with the current user.
  4. Configure Okta with Prisma Cloud.
    After you generate the API token, you can use it to connect your Prisma Cloud account to Okta.
    1. In Prisma Cloud navigate to Settings > Integrations.
    2. Click +Add New.
    3. Click Integration Type and select Okta.
    4. Enter your Description.
    5. Enter your Domain.
    6. Enter your API Token.
    7. Click Test to verify that the integration was successful.
    8. Click Save.
  5. Run the IAM queries for Okta.
    After Okta is integrated with Prisma Cloud, you will now be able to see the results of the IAM queries for Okta and gain visibility and governance into your cloud environment.
    1. View all the RQL attributes for Okta.
      Enter the following RQL query on the Investigate tab.
      config from iam where source.idp
    2. Use auto complete to build your idp RQL query.
      Select the attribute that you want to add to your RQL query. For example, if you select source.idp.username, then the results will return all the Okta users in your cloud environment.
    3. View the results.
      Click the magnifying glass icon to render the results.
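
The token generated in step 3 is associated with the user who created it, so that user's administrator roles bound what the integration can do in Okta. As an added example (not part of the Prisma Cloud or Okta documentation), this Python check audits a role listing for that user and flags anything beyond Read Only Administrator; the function name is hypothetical, and the sample JSON is constructed, assuming the shape of Okta's GET /api/v1/users/{userId}/roles response.

```python
import json

# Okta role type for the "Read Only Administrator" role selected in step 2.
ALLOWED_ROLE_TYPES = {"READ_ONLY_ADMIN"}

# Constructed sample: body of GET /api/v1/users/{userId}/roles for the
# token's owner. The ids are placeholders, not real Okta identifiers.
SAMPLE_ROLES_JSON = """
[
  {"id": "ra1EXAMPLE0001", "label": "Read Only Administrator",
   "type": "READ_ONLY_ADMIN", "status": "ACTIVE", "assignmentType": "USER"},
  {"id": "ra1EXAMPLE0002", "label": "Super Administrator",
   "type": "SUPER_ADMIN", "status": "ACTIVE", "assignmentType": "GROUP"}
]
"""


def audit_token_owner_roles(roles_json, allowed=ALLOWED_ROLE_TYPES):
    """Return (ok, findings) for the admin roles held by the token's owner.

    ok is True only when every active role is in `allowed` and at least one
    allowed role is present. Group-inherited roles count as well.
    """
    try:
        roles = json.loads(roles_json)
    except json.JSONDecodeError as exc:
        return False, [f"unparseable response: {exc.msg}"]
    if not isinstance(roles, list):
        return False, ["unexpected response shape (expected a JSON array)"]

    active = [r for r in roles
              if isinstance(r, dict) and r.get("status") == "ACTIVE"]
    findings = [
        f"excess role {r.get('type')} ({r.get('label')}) "
        f"assigned via {r.get('assignmentType')}"
        for r in active if r.get("type") not in allowed
    ]
    if not any(r.get("type") in allowed for r in active):
        findings.append("Read Only Administrator is not assigned")
    return (not findings), findings


if __name__ == "__main__":
    ok, findings = audit_token_owner_roles(SAMPLE_ROLES_JSON)
    print("least privilege OK" if ok else "review needed:")
    for finding in findings:
        print(" -", finding)
```
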
