Configure SSO Just-in-time Provisioning for Okta in Prisma Cloud

Created On 06/14/19 15:20 PM - Last Modified 07/19/22 23:14 PM


Objective


Configure SSO Just-in-time Provisioning for Okta

Environment


Prisma Cloud configured with SSO (Okta)

Procedure


Note: This procedure uses the Okta Classic UI.

  1. Configure SSO with Okta without using the built-in Prisma Cloud App.
  2. Within Okta, create a custom attribute on the Prisma Cloud Okta App
    1. Go to Directory -> Profile Editor
    2. Under Filters, click on "App"
    3. Find the Prisma Cloud app and click on "Profile"
    4. Click "Add Attribute"
      1. Display name - whatever you like
      2. Variable name - "rrole" (or any value you like)
      3. Attribute length - make sure it's long enough to fit the Prisma Cloud Role name.
        [Screenshot: Attributes]
  3. Configure Attribute Statements on the Prisma Cloud Okta App
    1. Go to Applications -> Applications
    2. Click on the Prisma Cloud application
    3. Go to General tab
    4. Click on Edit next to SAML Settings
    5. Go to Step 2
    6. Under Attribute Statements (Optional), add these:
      [Screenshot: Attribute Statements]
  4. Configure Prisma Cloud Role attribute for each of the users
    1. Go to Applications -> Applications
    2. Click on the Prisma Cloud application
    3. Go to Assignments tab
    4. For existing users
      1. Click on the pencil icon
      2. Add the Prisma Cloud Role you want to give this user (e.g. "System Admin")
        [Screenshot: Edit User Assignment]
    5. For new users
      1. Click on Assign -> Assign to People
      2. Click "Assign" for the user you want to give access to Prisma Cloud
      3. Define the Prisma Cloud Role you want to give this user (e.g. "System Admin")
  5. Configure Prisma Cloud for SSO JIT
    1. Log in to Prisma Cloud
    2. Go to Settings -> SSO
    3. Under JIT section, enter these values:
      [Screenshot: Just in Time (JIT) Provisioning]
      (Notice that the values match the Attribute Statement names in Step 3.6)
  6. Run a test by logging in with a user that is assigned to the Prisma Cloud application in Okta
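
A check to run alongside the test login in Step 6, added here as an example (not part of the original article or of Prisma Cloud or Okta tooling): it reads the AttributeStatement of a base64-decoded SAML assertion and reports any JIT attribute that is missing or empty, and any role value that is not an exact match for a role you expect. The attribute names, the mapping and the role list are constructed placeholders; substitute the names you entered in Step 3.6 and Step 5.3.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; attribute names are hypothetical (use those from Step 3.6).
# Note the trailing space in the role value, as can happen when the role is typed by hand.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>System Admin </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping: JIT field -> attribute name entered under Settings -> SSO.
JIT_MAPPING = {"email": "email", "role": "role",
               "first_name": "firstName", "last_name": "lastName"}
# Constructed list of role names that exist in the tenant.
KNOWN_ROLES = {"System Admin", "Read Only"}

def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [(v.text or "")
                                   for v in attr.iterfind("saml:AttributeValue", NS)]
    return attrs

def check_jit(assertion_xml, mapping, known_roles):
    """Return a list of findings; an empty list means the assertion fits the mapping."""
    attrs = read_attributes(assertion_xml)
    findings = []
    for field, name in mapping.items():
        values = attrs.get(name)
        if values is None:
            findings.append(f"{field}: attribute '{name}' missing from assertion")
        elif len(values) != 1 or not values[0].strip():
            findings.append(f"{field}: attribute '{name}' needs one non-empty value")
    # Strict by design: this check treats any role that is not an exact match as a finding.
    role = (attrs.get(mapping["role"]) or [""])[0]
    if role.strip() and role not in known_roles:
        findings.append(f"role: {role!r} is not an exact match for a known role")
    return findings

if __name__ == "__main__":
    print("\n".join(check_jit(SAMPLE_ASSERTION, JIT_MAPPING, KNOWN_ROLES)) or "OK")
```

The check only inspects attribute contents; it does not validate the assertion's signature or conditions.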

