Access Prisma Cloud
The Prisma Cloud Console can be accessed via the graphical user interface
and the application programming interface (API).
The Prisma Cloud Console supports the following authentication methods:
Lightweight Directory Access Protocol (LDAP)
Security Assertion Markup Language v2.0 (SAML2.0)
Prisma Cloud can apply password complexity rules for user accounts created
within Prisma Cloud. For the authentication of external identities,
Prisma Cloud supports LDAP and SAML 2.0. LDAP authentication supports the
OpenLDAP and Active Directory directories. Prisma Cloud Console can be
configured as a SAML 2.0 Service Provider. The SAML 2.0 Identity
Providers that have been successfully federated with the Prisma Cloud
Console are Okta, G Suite, Ping, Shibboleth and Azure Active Directory.
Smart card authentication to the Prisma Cloud Console requires configuring
Prisma Cloud with the smart card’s chain of trust and matching the smart
card’s SubjectAlternativeName PrincipalName value to the user’s
corresponding Prisma Cloud username.
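The chain-of-trust and PrincipalName matching described above, as an added Go example that is not Prisma Cloud's own code. It assumes the smart card certificate carries the username as the Microsoft UPN otherName (OID 1.3.6.1.4.1.311.20.2.3) inside the SubjectAlternativeName, builds a constructed CA and card certificate for a made-up user (MustTestChain, jdoe@example.com), verifies the card against a pool of configured roots as a client-authentication certificate, and only then compares the extracted PrincipalName with the Console username (MatchSmartCard). Every function name and certificate name here is this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// OIDs for the SubjectAltName extension and the Microsoft UPN otherName type.
var oidSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
var oidUPN = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 20, 2, 3}

// upnSANExtension encodes a non-critical SubjectAltName holding one otherName whose value is the UPN.
func upnSANExtension(upn string) (pkix.Extension, error) {
	valueDER, err := asn1.MarshalWithParams(upn, "explicit,tag:0,utf8") // value [0] EXPLICIT UTF8String
	if err != nil {
		return pkix.Extension{}, err
	}
	oidDER, _ := asn1.Marshal(oidUPN) // type-id; marshalling a fixed OID cannot fail
	// GeneralName.otherName is [0] IMPLICIT OtherName: a context [0] tag replaces the OtherName SEQUENCE tag.
	other := asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: append(oidDER, valueDER...)}
	sanDER, err := asn1.Marshal([]asn1.RawValue{other}) // GeneralNames ::= SEQUENCE OF GeneralName
	return pkix.Extension{Id: oidSubjectAltName, Value: sanDER}, err
}

// ExtractUPN returns the PrincipalName (UPN) carried in the certificate's SubjectAltName.
func ExtractUPN(cert *x509.Certificate) (string, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidSubjectAltName) {
			continue
		}
		var names asn1.RawValue // the GeneralNames SEQUENCE
		if _, err := asn1.Unmarshal(ext.Value, &names); err != nil {
			return "", err
		}
		for rest := names.Bytes; len(rest) > 0; {
			var gn asn1.RawValue
			var err error
			if rest, err = asn1.Unmarshal(rest, &gn); err != nil {
				return "", err
			}
			if gn.Class != asn1.ClassContextSpecific || gn.Tag != 0 {
				continue // dNSName, rfc822Name, etc. cannot carry a UPN
			}
			// OtherName contents: type-id OID followed by value [0] EXPLICIT UTF8String.
			var typeID asn1.ObjectIdentifier
			var upn string
			inner, err := asn1.Unmarshal(gn.Bytes, &typeID)
			if err != nil || !typeID.Equal(oidUPN) {
				continue // a malformed or non-UPN otherName is ignored, so the lookup fails closed
			}
			_, err = asn1.UnmarshalWithParams(inner, &upn, "explicit,tag:0")
			return upn, err
		}
	}
	return "", fmt.Errorf("no PrincipalName in SubjectAltName")
}

// MatchSmartCard checks the chain of trust (client-auth) and that the PrincipalName equals the Console username.
func MatchSmartCard(card *x509.Certificate, roots *x509.CertPool, username string) error {
	if _, err := card.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain of trust: %w", err)
	}
	upn, err := ExtractUPN(card)
	if err == nil && upn != username { // exact comparison by design: no case folding
		err = fmt.Errorf("PrincipalName %q does not match username %q", upn, username)
	}
	return err
}

// must panics on error; used only while building the constructed test chain below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// MustTestChain builds a constructed CA and a card certificate carrying upn (test data only).
func MustTestChain(upn string) (ca, card *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	cardKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Card CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	cardTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Card Holder"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ExtraExtensions: []pkix.Extension{must(upnSANExtension(upn))}}
	card = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, cardTmpl, ca, &cardKey.PublicKey, caKey))))
	return ca, card
}
```

With the CA from MustTestChain added to an x509.CertPool, MatchSmartCard returns nil for jdoe@example.com and an error for any other username, and it fails before looking at the name at all when the pool does not contain the issuing CA. The order matters: the chain is verified first so that an untrusted certificate never gets to claim a username, and the comparison is exact, so a card whose UPN differs only in letter case is rejected rather than silently accepted.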
Prisma Cloud supports group-based authorization and defines the following
roles:
| Role permissions |
| --- |
| Full read-write access to all Prisma Cloud settings and data |
| Read-write access to all rules and data; read-only access to user and group management and role assignments |
| Read-only access to all rules and data; can install and uninstall Prisma Cloud Defenders; used for automating Defender installs via Bearer Token or Basic Auth |
| Read-only access to all Prisma Cloud rules and data |
| Read-only access to vulnerability scan data |
| Install personal certificates required for access to Defender-protected nodes |
| Run the Continuous Integration plugin; no Prisma Cloud Console access |
Group membership can be assigned within the Prisma Cloud Console, as a
SAML 2.0 role claim, or as an LDAP group membership value.