Prisma Cloud Compute: AWS SSO configuration 403 "No Access" Error for Self Hosted

Created On 10/28/21 18:11 PM - Last Modified 05/23/25 01:56 AM


Objective


A user is unable to configure AWS SSO settings on a Prisma Cloud Compute self-hosted console, and receives a 403 error in the Prisma Cloud console when selecting SAML authentication.
Screenshot: error message

GUI Path: SAML > SAML Settings > Other provider 
Screenshot: Prisma Cloud Self Hosted SSO config



Environment


  • Prisma Cloud Self Hosted Compute
  • AWS Single Sign-on

 



Procedure


1. Add user locally and enable SAML authentication for that user.

2. Within AWS SSO use the following attributes:
  • ${user:email} - this attribute is forced and cannot be removed
  • ${user:groups} - to pass the group attribute to prisma cloud 
As seen in the image below for the AWS config.
Screenshot: AWS SSO

3. Within AWS you must use the Twistlock SSO integration; do not select Redlock as a preconfigured AWS SSO integration.
  • ACS https://HOSTNAME/api/v1/authenticate (as indicated in the image below, fill in this adapted URL under both Application start URL and Application ACS URL)
  • AWS audience needs to be set to twistlock

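To confirm that AWS SSO is sending what the three steps above require before opening a ticket, a decoded SAML Response can be checked against the expected ACS URL, the "twistlock" audience, and the email and groups attributes. The following is an added example written for this article, not Palo Alto Networks code; it assumes the AWS attribute mappings are named "email" and "groups", and the sample response it checks is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the article; HOSTNAME is the console's own hostname.
EXPECTED_AUDIENCE = "twistlock"
EXPECTED_ACS = "https://HOSTNAME/api/v1/authenticate"
# Assumed SAML attribute names for the ${user:email} / ${user:groups} mappings.
REQUIRED_ATTRS = ("email", "groups")


def check_saml_response(xml_text, acs_url=EXPECTED_ACS, audience=EXPECTED_AUDIENCE):
    """Return a list of findings; an empty list means the response matches the
    settings the article requires (ACS URL, audience, email and groups attributes)."""
    root = ET.fromstring(xml_text)
    findings = []
    dest = root.get("Destination")
    if dest != acs_url:
        findings.append(f"Destination {dest!r} does not match ACS URL {acs_url!r}")
    aud = root.findtext(".//saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if aud != audience:
        findings.append(f"Audience {aud!r} is not {audience!r} (Redlock preset selected?)")
    present = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if name not in present:
            findings.append(f"Attribute {name!r} missing from AttributeStatement")
    return findings


def sample_response(audience, with_groups=True):
    """Constructed, minimal, unsigned SAML Response used only to exercise the check."""
    groups = ('<saml:Attribute Name="groups"><saml:AttributeValue>admins'
              '</saml:AttributeValue></saml:Attribute>' if with_groups else "")
    return f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"
  Destination="{EXPECTED_ACS}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
      {groups}
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>'''


if __name__ == "__main__":
    print(check_saml_response(sample_response("twistlock")))
    print(check_saml_response(sample_response("redlock", with_groups=False)))
```

Paste the base64-decoded SAMLResponse captured from the browser into check_saml_response to see which of the article's settings is off.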


Additional Information


Here are the steps to set it up in AWS.
