1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Inline
    5. Get Started with SaaS Security Inline
    6. Manage SaaS Security Inline Administrators
    7. Add SaaS Security Inline Administrators

    Add SaaS Security Inline Administrators

    Create additional administrator accounts with specific privileges on SaaS Security Inline.
    Initially, to create new administrator accounts for SaaS Security Inline access, log in as the administrator assigned to the user specified in the activation email. With this default account, you can create additional administrator accounts. Unlike for SaaS Security API, there are no unique roles for SaaS Security Inline; instead SaaS Security Inline uses a subset of those roles to enforce SaaS Security Inline role permissions.
    • If you add an administrator with an email that
      already exists
       in Customer Support Portal (CSP), that administrator’s SaaS Security account will be linked to the administrator’s CSP account.
    • If you add an administrator with an email that
      does not exist
       in CSP, then an account will be automatically created for the administrator on SaaS Security Inline, as well as an account in CSP tied to your organization.
    Learn about the roles required based on your platform:

    Access SaaS Security Features for Cloud Managed Prisma Access

    For Cloud Managed Prisma Access, you must have both a Hub account with the privileges provided by a Hub role and an administrator account on SaaS Security Inline.
    SaaS Admin
     can access SaaS Security settings but cannot push configuration changes to Cloud Managed Prisma Access.
    The following Hub roles enable administrators to collaborate on SaaS Security:
    Action
    SaaS Admin
    Data Security Admin
    Web Security Admin
    Security Admin
    Configure SaaS Security settings
    Yes
    Yes
    No
    Yes
    View SaaS Security settings
    Yes
    Yes
    Yes
    Yes
    Author and submit rule recommendations
    Yes
    Yes
    No
    Yes
    Import rule recommendations
    No
    No
    Yes
    Yes
    Push rule recommendations
    No
    No
    No
    Yes
    1. Navigate to SaaS Security Inline.
    2. Select
      Settings
      Admin Accounts
       and
      Add Administrator
      .
    3. Enter the
      Name
       and
      Email
       address of the new administrator.
    4. Choose an
      Authentication Type
      :
      • Single Sign-On (SSO)
        PAN SSO enables you to grant administrator access with seamless authentication using a single set of credentials. This option eliminates the need for application or service specific passwords. If you enable SSO, you do not have to create administrator accounts on the local database.
      • Local Authentication
        —Local authentication grants access to SaaS Security after administrator successfully presents a password.
      Local authentication is not supported for SaaS Security activated on the hub.
    5. Select the administrative
      Role
      :
      You can select any of the following predefined roles.
      • Super Admin
        —A read-write (
        Full Control
        ) administrator account that allows full functionality within SaaS Security Inline, including creating administrator accounts and assigning administrator roles.
      • Admin
        —A read-write administrator account that allows full functionality within SaaS Security Inline, including the ability to create policy recommendations and create additional administrator accounts.
      • Limited Admin
        —An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
      • Read Only
        —An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. However, this administrator cannot make changes. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
    6. Select the default
      Language
       for the new administrator.
    7. Save
       your changes.
      To verify an administrator’s privileges, use
      Search name or email
       or use the
      Roles
       filter. You can also download a CSV file to view the complete list of all administrative users configured on SaaS Security.

    Access SaaS Security Inline Features for NGFW and Panorama Managed Prisma Access

    To enable administrators to collaborate on SaaS Security, each administrator requires the necessary permissions on both the security platform and SaaS Security. Presumably you’ve already assigned your firewall administrators to an appropriate firewall admiistrator role or Panorama Managed Prisma Access administrator role. The next step is to add administrators to SaaS Security so that they can access the necessary SaaS Security Inline features.
    1. Navigate to SaaS Security Inline.
    2. Select
      Settings
      Admin Accounts
       and
      Add Administrator
      .
    3. Enter the
      Name
       and
      Email
       address of the new administrator.
    4. Choose an
      Authentication Type
      :
      • Single Sign-On (SSO)
        PAN SSO enables you to grant administrator access with seamless authentication using a single set of credentials. This option eliminates the need for application or service specific passwords. If you enable SSO, you do not have to create administrator accounts on the local database.
      • Local Authentication
        —Local authentication grants access to SaaS Security after administrator successfully presents a password.
      Local authentication is not supported for SaaS Security activated on the hub.
    5. Select the administrative
      Role
      :
      You can select any of the following predefined roles.
      • Super Admin
        —A read-write (
        Full Control
        ) administrator account that allows full functionality within SaaS Security Inline, including creating administrator accounts and assigning administrator roles.
      • Admin
        —A read-write administrator account that allows full functionality within SaaS Security Inline, including the ability to create policy recommendations and create additional administrator accounts.
      • Limited Admin
        —An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
      • Read Only
        —An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. However, this administrator cannot make changes. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
    6. Select the default
      Language
       for the new administrator.
    7. Save
       your changes.
      To verify an administrator’s privileges, use
      Search name or email
       or use the
      Roles
       filter. You can also download a CSV file to view the complete list of all administrative users configured on SaaS Security.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo