1. Overview

Prisma Cloud supports OAuth 2.0 as an authentication mechanism. GitHub users can log into Prisma Cloud Console using GitHub as an OAuth 2.0 provider.

Prisma Cloud supports the authorization code flow only.

2. Configure GitHub as an OAuth provider

Create an OAuth App in your GitHub organization so that users in the organization can log into Prisma Cloud using GitHub as an OAuth 2.0 provider.

  1. Log into GitHub as the organization owner.

  2. Go to Settings > Developer Settings > OAuth Apps, and click New OAuth App (or Register an application if this is your first app).

  3. In Application name, enter Prisma Cloud.

  4. In Homepage URL, enter the URL for Prisma Cloud Console in the format https://<CONSOLE>:<PORT>.

  5. In Authorization callback URL, enter https://<CONSOLE>:<PORT>/api/v1/authenticate/callback/oauth.

  6. Click Register application.

  7. Copy the Client ID and Client Secret, and set them aside for setting up the integration with Prisma Cloud.


3. Integrate Prisma Cloud with GitHub

Set up the integration so that GitHub users from your organization can log into Prisma Cloud.

  1. Log into Prisma Cloud Console.

  2. Go to Manage > Authentication > Identity Providers > OAuth 2.0.

  3. Set Integrate Oauth 2.0 users and groups with Prisma Cloud to Enabled.

  4. Set Identity provider to GitHub.

  5. Set Client ID and Client secret to the values you copied from GitHub.

  6. Set Auth URL to https://github.com/login/oauth/authorize.

  7. Set Token URL to https://github.com/login/oauth/access_token.

  8. Click Save.
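
The URL values from sections 2 and 3 must agree with each other exactly, and the Token URL is where the Client secret and authorization code are sent. The following pre-flight check is an added example, not part of Prisma Cloud or its documentation; the function name and the console.example.com:8083 host are assumptions used for illustration.

```python
from urllib.parse import urlsplit

# Values taken from the steps above.
CALLBACK_PATH = "/api/v1/authenticate/callback/oauth"
GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"
GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"


def check_oauth_settings(homepage_url, callback_url, auth_url, token_url):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    home, cb = urlsplit(homepage_url), urlsplit(callback_url)

    for name, parts in (("Homepage URL", home), ("Authorization callback URL", cb)):
        if parts.scheme != "https":
            findings.append(f"{name}: scheme must be https")
        if parts.query or parts.fragment:
            findings.append(f"{name}: must not carry a query string or fragment")

    # The callback must point at the same Console host and port as the homepage.
    if (cb.hostname, cb.port) != (home.hostname, home.port):
        findings.append("Authorization callback URL: host or port differs from Homepage URL")
    if cb.path != CALLBACK_PATH:
        findings.append(f"Authorization callback URL: path must be {CALLBACK_PATH}")

    # The client secret and authorization code are sent to the Token URL,
    # so both provider endpoints are compared exactly, not by prefix.
    if auth_url != GITHUB_AUTH_URL:
        findings.append(f"Auth URL: expected {GITHUB_AUTH_URL}")
    if token_url != GITHUB_TOKEN_URL:
        findings.append(f"Token URL: expected {GITHUB_TOKEN_URL}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; console.example.com:8083 is a placeholder.
    sample = dict(
        homepage_url="https://console.example.com:8083",
        callback_url="https://console.example.com:8083/api/v1/authenticate/callback/oauth",
        auth_url="https://github.com/login/oauth/authorize",
        token_url="https://github.com/login/oauth/access_token",
    )
    for finding in check_oauth_settings(**sample) or ["OK: settings are consistent"]:
        print(finding)
```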

4. Prisma Cloud to GitHub user identity mappings

Create a Prisma Cloud user for each GitHub user that should have access to Prisma Cloud.

After the user is authenticated, Prisma Cloud uses the access token to query GitHub for the user’s information (user name, email). The user information returned from GitHub is compared against the information in the Prisma Cloud Console database to determine if the user is authorized. If so, a JWT token is returned.

  1. Go to Manage > Authentication > Users.

  2. Click Add User.

  3. Set Username to the GitHub user name.

  4. Set Auth method to OAuth.

  5. Select a role for the user.

  6. Click Save.

  7. Test logging into Prisma Cloud Console.

    1. Log out of Prisma Cloud.

    2. On the login page, select OAuth, and then click Login.

    3. Authorize the Prisma Cloud OAuth App to sign you in.


4.1. Prisma Cloud group to GitHub organization mappings

Use groups to streamline how Prisma Cloud roles are assigned to users. When you use groups to assign roles, you don’t have to create individual Prisma Cloud accounts for each user.

Groups can be associated with, and authenticated by, multiple identity providers.

  1. Go to Manage > Authentication > Groups.

  2. Click Add Group.

  3. In Name, enter the GitHub organization.

  4. In Authentication method, select External Providers.

  5. In Authentication Providers, select OAuth group.

  6. Select a role for the members of the organization.

  7. Click Save.

  8. Test logging into Prisma Cloud Console.

    1. Log out of Prisma Cloud.

    2. On the login page, select OAuth, and then click Login.

    3. Authorize the Prisma Cloud OAuth App to sign you in.
