Add SaaS Security Inline Administrators
Create additional administrator accounts with specific
privileges on SaaS Security Inline.
Initially, to create new administrator accounts
for SaaS Security Inline access, log in as the administrator assigned
to the user specified in the activation email. With this default
account, you can create additional administrator accounts. Unlike
for SaaS Security API, there are no unique roles for SaaS Security
Inline; instead SaaS Security Inline uses a subset of those roles
to enforce SaaS Security Inline
role permissions.
- If you add an administrator with an email thatalready existsin Customer Support Portal (CSP), that administrator’s SaaS Security account will be linked to the administrator’s CSP account.
- If you add an administrator with an email thatdoes not existin CSP, then an account will be automatically created for the administrator on SaaS Security Inline, as well as an account in CSP tied to your organization.
Learn about the roles required based on
your platform:
Access SaaS Security Features for Cloud Managed Prisma Access
For Cloud Managed Prisma Access, you must
have both a Hub account with the privileges provided by a Hub role and an administrator
account on SaaS Security Inline.
SaaS Admin
can access
SaaS Security settings but cannot push configuration changes to
Cloud Managed Prisma Access.The following Hub roles enable administrators
to collaborate on SaaS Security:
Action | SaaS Admin | Data Security Admin | Web Security Admin | Security Admin |
---|---|---|---|---|
Configure SaaS Security settings | Yes | Yes | No | Yes |
View SaaS Security settings | Yes | Yes | Yes | Yes |
Author and submit rule recommendations | Yes | Yes | No | Yes |
Import rule recommendations | No | No | Yes | Yes |
Push rule recommendations | No | No | No | Yes |
- Navigate to SaaS Security Inline.
- SelectandSettingsAdmin AccountsAdd Administrator.
- Enter theNameandEmailaddress of the new administrator.
- Choose anAuthentication Type:
- Single Sign-On (SSO)—PAN SSO enables you to grant administrator access with seamless authentication using a single set of credentials. This option eliminates the need for application or service specific passwords. If you enable SSO, you do not have to create administrator accounts on the local database.
- Local Authentication—Local authentication grants access to SaaS Security after administrator successfully presents a password.
Local authentication is not supported for SaaS Security activated on the hub. - Select the administrativeRole:You can select any of the following predefined roles.
- Super Admin—A read-write (Full Control) administrator account that allows full functionality within SaaS Security Inline, including creating administrator accounts and assigning administrator roles.
- Admin—A read-write administrator account that allows full functionality within SaaS Security Inline, including the ability to create policy recommendations and create additional administrator accounts.
- Limited Admin—An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
- Read Only—An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. However, this administrator cannot make changes. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
- Select the defaultLanguagefor the new administrator.
- Saveyour changes.To verify an administrator’s privileges, useSearch name or emailor use theRolesfilter. You can also download a CSV file to view the complete list of all administrative users configured on SaaS Security.
Access SaaS Security Inline Features for NGFW and Panorama
Managed Prisma Access
To enable administrators to collaborate on SaaS
Security, each administrator requires the necessary permissions
on both the security platform and SaaS Security. Presumably you’ve
already assigned your firewall administrators to an appropriate firewall admiistrator role or Panorama Managed Prisma Access
administrator role. The next step is to add administrators
to SaaS Security so that they can access the necessary SaaS Security
Inline features.
- Navigate to SaaS Security Inline.
- SelectandSettingsAdmin AccountsAdd Administrator.
- Enter theNameandEmailaddress of the new administrator.
- Choose anAuthentication Type:
- Single Sign-On (SSO)—PAN SSO enables you to grant administrator access with seamless authentication using a single set of credentials. This option eliminates the need for application or service specific passwords. If you enable SSO, you do not have to create administrator accounts on the local database.
- Local Authentication—Local authentication grants access to SaaS Security after administrator successfully presents a password.
Local authentication is not supported for SaaS Security activated on the hub. - Select the administrativeRole:You can select any of the following predefined roles.
- Super Admin—A read-write (Full Control) administrator account that allows full functionality within SaaS Security Inline, including creating administrator accounts and assigning administrator roles.
- Admin—A read-write administrator account that allows full functionality within SaaS Security Inline, including the ability to create policy recommendations and create additional administrator accounts.
- Limited Admin—An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
- Read Only—An administrator account that allows the administrator to view SaaS visibility data and the SaaS Security Report for risk assessment. However, this administrator cannot make changes. For example, this administrator can view policy recommendations, but cannot apply predefined policy recommendations.
- Select the defaultLanguagefor the new administrator.
- Saveyour changes.To verify an administrator’s privileges, useSearch name or emailor use theRolesfilter. You can also download a CSV file to view the complete list of all administrative users configured on SaaS Security.
Recommended For You
Recommended Videos
Recommended videos not found.