Access Prisma Cloud

The Prisma Cloud Console can be accessed via the graphical user interface and the application programming interface (API).
The Prisma Cloud Console supports the following authentication methods:
  • Username / Password
  • Lightweight Directory Access Protocol (LDAP)
  • Security Assertion Markup Language v2.0 (SAML2.0)
  • X.509 smart cards
Prisma Cloud can apply password complexity rules for user accounts created within Prisma Cloud. For the authentication of external identities, Prisma Cloud supports LDAP and SAML 2.0. LDAP authentication supports the OpenLDAP and Active Directory directories. Prisma Cloud Console can be configured as an SAML 2.0 Service Provider. The SAML 2.0 Identity Providers that have been successfully federated with the Prisma Cloud Console are Okta, G Suite, Ping, Shibboleth and Azure Active Directory. Smart card authentication to the Prisma Cloud Console requires configuring Prisma Cloud with the smart card’s chain of trust and matching the smart card’s SubjectAlternativeName’s PrincipalName value to user’s corresponding Prisma Cloud username.
Prisma Cloud supports group based authorization and defines the following roles:
Access Level
Full read-write access to all Prisma Cloud settings and data
Read-write access to all rules and data. Read-only access to user and group management and role assignments.
Defender Manager
Read-only access to all rules and data. Can install / uninstall Prisma Cloud Defenders Used for Automating Defender installs via Bearer Token or Basic Auth
Read-only access to all Prisma Cloud rules and data.
DevOps User
Read-only access to vulnerability scan data
Access User
Install personal certificates required for access to Defender protected nodes.
CI User
Run the Continuous Integration plugin. No Prisma Cloud Console access.
Group membership can be assigned within the Prisma Cloud Console, as an SAML 2.0 role claim, or LDAP group membership value.

Recommended For You