Prisma Cloud: How to resolve error "The Service Account Key uploaded is not valid. Please update to continue"
Created On 01/17/22 22:05 PM - Last Modified 10/26/25 22:19 PM
Symptom
A customer onboarding an Azure Active Directory Tenant With Management Groups gets the error "The Service Account Key uploaded is not valid. Please update to continue".
GUI Path: Settings > Providers > Edit Cloud account
Environment
- Prisma Cloud
- Azure
Cause
The following can be the root cause of the issue:
- IAM role permissions are not assigned at the root level of the Management Group in the Azure portal.
- The Prisma Cloud App client secret under "Certificates & secrets" has expired.
Resolution
IAM role permissions are not assigned at the root level of the Management Group in the Azure portal.
By design, a Management Group cannot be onboarded without granting root-level permissions in the Azure portal.
Azure portal:
- Log in to the Azure portal
- Go to Management Groups > Tenant Root Group
- Add Access control (IAM) permissions and retry onboarding steps in the following link
The Prisma Cloud App client secret under "Certificates & secrets" has expired.
- Log in to the Azure portal
- Go to App registrations > Click on "All applications"
- Type "Prisma Cloud" in Search box
- Select Prisma Cloud app. In my case, it's "Prisma Cloud App arhww"
- Click on Certificates & secrets
- The client secret is shown as expired.
- Click on "New client secret" to create a new one.
- Copy the newly created Client Secret Value so it can be entered in the Prisma Cloud console.
- Log in to Prisma Cloud > Settings > Providers > Edit Azure Cloud Account > Select "Configure Account"
- Replace the old Client Secret with the newly created one.
- Click "Next" and then click on "Save and Close".
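The expired-secret cause above can also be checked outside the portal. The following is an added example, not part of the original article or Palo Alto Networks tooling: it classifies client secrets from the JSON that `az ad app credential list --id <app-id>` prints. It assumes the Microsoft Graph-style fields `keyId`, `displayName` and `endDateTime` (UTC); the sample data and the 30-day warning window are constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `az ad app credential list --id <app-id>` output.
# Assumption: Microsoft Graph-style fields (keyId, displayName, endDateTime in UTC).
SAMPLE = """[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "onboarding",
   "endDateTime": "2022-01-10T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "rotated",
   "endDateTime": "2022-02-01T00:00:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "long-lived",
   "endDateTime": "2023-01-17T00:00:00Z"}
]"""


def parse_utc(ts):
    """Parse 'YYYY-MM-DDTHH:MM:SS[.fff]Z' as UTC, ignoring fractional seconds."""
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_secrets(credentials, now, warn_days=30):
    """Map each secret's keyId to 'expired', 'expiring' or 'ok' relative to `now`."""
    status = {}
    for cred in credentials:
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status[cred["keyId"]] = "expired"
        elif end - now <= timedelta(days=warn_days):
            status[cred["keyId"]] = "expiring"
        else:
            status[cred["keyId"]] = "ok"
    return status


if __name__ == "__main__":
    # With a file argument, check saved CLI output against the current time;
    # without one, run on the constructed sample at a fixed, constructed date.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            creds, now = json.load(fh), datetime.now(timezone.utc)
    else:
        creds, now = json.loads(SAMPLE), datetime(2022, 1, 17, 22, 5, tzinfo=timezone.utc)
    names = {c["keyId"]: c.get("displayName") for c in creds}
    for key_id, state in classify_secrets(creds, now).items():
        print(f"{state:9} {names[key_id]} ({key_id})")
```

A secret reported as valid here only rules out expiry on the Azure side; the value stored in the Prisma Cloud console must still match it.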
Additional Information
Reference doc: Add an Azure Active Directory Tenant With Management Groups.