Add Administrative Users On Prisma Cloud

Enable administrative access to Prisma Cloud by adding users and assigning one or more roles.

To provide administrative access to Prisma Cloud—admin and API—you must add users locally on Prisma Cloud. You can choose whether you want these administrators to use Palo Alto Networks Customer Support Portal (CSP) credentials to log in or SSO using a third-party Identity Service Provider.

If you want to use Palo Alto Networks Customer Support Portal (CSP) credentials, add the email address of a user who already has a support account with Palo Alto Networks; that user can then log in to Prisma Cloud using the Prisma Cloud URL or from the Prisma Cloud tile on hub. If you Set up SSO Integration on Prisma Cloud with an Identity Service Provider that supports SAML, you can configure Just-in-Time Provisioning (JIT) to create a local account on the fly, instead of creating the account in advance on Prisma Cloud. With JIT, you do not need to manually create a local user account.

The time zone is set automatically for Prisma Cloud administrators. It is derived from the user’s web browser and is based on the operating system that is used to access the Prisma Cloud administrative console.

The following instructions are for manually adding a local user account on Prisma Cloud.

  1. Navigate to Settings > Access Control > Users and select Add > User.

  2. Enter First Name, Last Name, and Email of the user.

    You can enter a maximum of 300 characters in the First Name and Last Name fields. For a user who has a Palo Alto Networks CSP account, you must enter the email address that is associated with the CSP account so that they can log in as soon as you save the changes. If the user does not have a CSP account, as soon as you add them here and save your changes, they will receive two emails: one to activate the CSP account and another with a link to get started with Prisma Cloud.

  3. Assign Roles to the user.

    You can assign up to fifty roles to a user, and must select one as the Default Role. See Prisma Cloud Administrator Roles for the different permission groups and associated permissions. Users with multiple roles can use the Profile to switch between roles. The default role is marked with a star.

    The role assumed by the user is tied to policies, saved searches, saved alert filters, and recurring compliance reports that do not have a cloud account selected. These objects are available to any other user who has the same role, and they are not tied to the specific user.

  4. Decide whether to Allow user to create API Access Keys.

    By default, API access is enabled for the System Admin role only. When you add a new administrator, decide whether or not you want to enable API access for the other roles; the key icon in the API Access column indicates that the administrator has API access, and can create up to two access keys per role on Prisma Cloud. See Create and Manage Access Keys for more information.

  5. Click Save and close to save this user or click Save and add another to add additional users.

  6. After you add an administrator, you can edit or delete the user or modify permissions to add additional roles.

    When you delete an administrator or modify the role, all the access keys associated with the user and role are deleted immediately.

    • To edit the details of a user, click the Role and change the details. You can enter a maximum of 300 characters in the Name field.

    • To disable a user, toggle the Status of the user.

    • To delete a user, click the corresponding Delete icon located under Actions.

  7. Change the password for an administrative user.

    Use this procedure if you want to set a new password as part of a periodic change, or if you are unable to log in because you forgot your password. As a security measure, if you enter an incorrect password five times, your account is locked and you must reset your password.

    1. Access the URL for your Prisma Cloud instance.

    2. Click the Forgot password link.

      You will receive an email at the email address registered above in Step 2. Use the link in the email to set a new password.
