Get Started with OIDC SSO
Prisma Cloud offers a Service Provider (SP) initiated SSO capability. Leveraging OpenID Connect (OIDC), this option enables Prisma Cloud System Administrators to allow users to sign in to Prisma Cloud with their Identity Provider (IdP) credentials using the Sign in via SSO option on the login page. Learn more about setting up SP-initiated SSO below.
Complete the steps below on the Prisma Cloud console and your IdP to set up OIDC:
- Log in to Prisma Cloud using an account with System Administrator privileges to configure SSO and redirect login requests to the IdP's login page.
- Complete the following steps on your Prisma Cloud tenant:
  - Select Access Control > SSO and select OIDC.
  - Copy the Audience URI value. This is a read-only field in the format that uniquely identifies your instance of Prisma Cloud. This value is required to configure OIDC on your IdP.

    NOTE: The Prisma ID of a tenant is displayed adjacent to the OIDC configuration so that it can be shared with users that may have access to multiple tenants. If you have access to multiple tenants on a stack, you will be required to enter the Prisma ID of the tenant you are logging into.
- Complete the setup on the IdP.
  - Add the Callback URI previously created on Prisma Cloud to the IdP.
- Log in to the Prisma Cloud console to verify that the SP-initiated SSO setup is complete.