Strata Copilot
    Strata Multitenant Cloud Manager
    : Setup Prisma SASE App – Single Tenant
    Focus
    Download PDF
    Focus
    1. Home
    2. Secure Access Service Edge
    3. Strata Multitenant Cloud Manager
    4. Prisma SASE App for ServiceNow
    5. Setup Prisma SASE App – Single Tenant
    Download PDF

    Strata Multitenant Cloud Manager

    Setup Prisma SASE App – Single Tenant

    Table of Contents

    Setup Prisma SASE App – Single Tenant

    Contains instructions to setup prisma sase app in single tenant environment.
    Ensure you have the following:
    • Service account with admin privileges.
    • TSG ID, client ID, and client secret that were generated when creating the service account.
    • ServiceNow instance username and password with the system admin role.
    • Install ServiceNow IntegrationHub Starter Pack Installer Plugin
      The ServiceNow IntegrationHub Starter Pack Installer plugin enables IntegrationHub functionality in the instance, including IntegrationHub actions, and provides tools to easily connect ServiceNow with other systems and automate workflows using actions, subflows and flows.
    Install Security Incident Response Plugin (Optional)
    Security Incident Response (SIR) plugin is required for the management of security incidents in ServiceNow. It introduces the Security Incident [sn_si_incident] table, where all security incidents are stored and managed.
    Use the guided workflow to set up the Prisma SASE App for ServiceNow and integrate it with Strata Cloud Manager. The setup requires you to configure credentials and connection details that allow Prisma SASE to communicate with your ServiceNow instance.
    1. Access your ServiceNow Instance.
      1. Log in to your ServiceNow instance as an administrator.
      2. Select Prisma SASE APP for ServiceNowApp SetupBasic Settings.
    2. Configure Prisma SASE Connections.
      Prisma SASE connection configuration includes configuring the Prisma SASE platform credentials, application gateway URLs used to connect to Prisma SASE, connection alias.
      Although you can have multiple credentials and connections, only one credential and connection will be active at a time.
      1. Select Configure Prisma SASE Connections.
      2. Create Credentials.
        Credentials are details of the service account created in the Strata Cloud Manager. This credential will be used by the ServiceNow app to connect securely with Prisma SASE.
        1. Select Create CredentialsConfigureNew.
        2. Specify the TSG ID, Client ID, and Client Secret.
        3. Submit the configuration.
        4. Mark as Complete.
      3. (Optional) Create Connection Alias.
        A connection alias is a defined label that represents a specific combination of credentials and connection details. It allows ServiceNow integrations to reference the alias rather than using the credentials and connection information directly, providing consistency and simplifying configuration management.
        A default connection alias, Prisma SASE API, is available. If you choose to use this default alias, click Mark as Complete and proceed to the next step.
        If you want to create a new connection alias, perform the following:
        1. Select Create Connection AliasConfigureNew.
        2. Specify the following:
          • Name- Connection alias name.
          • Type- Connection and Credentials.
          • Connection type- HTTP.
        3. Submit the configuration.
        4. Mark as Complete.
      4. Create Connections.
        1. Select Create Connection AliasConfigureNewHTTP(s) Connection.
        2. Specify the following:
            • Name -Connection name.
            • Credential and Connection alias- Search and select the credential and connection alias that you created in the previous steps.
            • Connection URL- Prisma SASE API gateway URL.
        3. Submit the configuration.
        4. Mark as Complete.
    3. Configure ServiceNow Credentials.
      These are the credentials that will be used by the Prisma SASE to securely connect to the ServiceNow instance and access Incidents, Alerts, and tickets.
      Although you can have multiple ServiceNow credentials, only one credential will be active at a time.
      1. Select Configure ServiceNow CredentialsConfigureNew.
      2. Specify the Name, ServiceNow Instance UserName, and ServiceNow Instance Password.
      3. Submit the configuration.
      4. Mark as Complete.
    4. Skip Execute Scheduled Jobs.
      You can Skip or Mark as Complete. The scheduled jobs defined here fetch multi-tenant data from Prisma SASE, which is not required in a single-tenant environment.
    5. Skip Customize Configuration
      You can Skip or Mark as Complete.
      By default, the following configurations are provided. You can review them to understand the mappings or modify them if needed:
      • Prisma SASE and ServiceNow incident status field mapping.
      • Prisma SASE and ServiceNow incident severity field mapping.
      • Prisma SASE and ServiceNow incident data field mapping.
      Ensure to mark Steps 2 to 5 as complete or skip them. Only when the completion status reaches 100%, the connection between the ServiceNow instance and Prisma SASE will be established.
    6. After you set up the app, you need to create a user for the tenant and assign the required roles and permissions. This account will be used by the tenant to log into the ServiceNow instance.
      1. Create a new user for the tenant.
        1. Select OrganizationUsersNew.
        2. Specify the Name, User ID, and Email.
        3. Submit to create a new user.
      2. Assign roles
        1. Search for the newly added user by name.
        2. Select the user.
        3. Select RolesEdit.
        4. Search and add the roles based on the user's responsibility.
          For details about the roles and their permissions, see Roles and Permissions.
        5. Save the user.

    © 2025 Palo Alto Networks, Inc. All rights reserved.