PrismaCloud IAM
This Integration is part of the Prisma Cloud by Palo Alto Networks Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Note: This integration should be used as part of our Identity Lifecycle Management premium pack. For more information, please refer to the Identity Lifecycle Management article.
The Prisma Cloud IAM API consists of a set of API endpoints that allow customers to perform CRUD operation on their user profiles.
Configure PrismaCloud IAM on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for PrismaCloud IAM.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Base URL True Username True Password True Customer name If you are a multi-tenant user you will also need to provide the customerName. False Trust any certificate (not secure) False Use system proxy settings False Allow creating users False Allow updating users False Allow enabling users False Allow disabling users False Automatically create user if not found in update command False Incoming Mapper True Outgoing Mapper True Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
iam-create-user#
Creates a user.
Base Command#
iam-create-user
Input#
| Argument Name | Description | Required |
|---|---|---|
| user-profile | User Profile indicator details. | Required |
| allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example#
``!iam-create-user user-profile={"email": "john.doe@example.com", "givenname": "test", "surname": "test"}````
Context Example#
Human Readable Output#
Update User Results (PrismaCloudIAM)#
brand instanceName success details PrismaCloudIAM PrismaCloudIAM_instance_1 true john.doe@example.com email: john.doe@example.com
firstName: test
lastName: test
roleId: some_role_id
timeZone: America/Los_Angeles
iam-update-user#
Updates an existing user with the data passed in the user-profile argument.
Base Command#
iam-update-user
Input#
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
| allow-enable | When set to true, after the command execution the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example#
``!iam-update-user user-profile={"email": "john.doe@example.com", "givenname": "John"}````
Context Example#
Human Readable Output#
Update User Results (PrismaCloudIAM)#
brand instanceName success details PrismaCloudIAM PrismaCloudIAM_instance_1 true john.doe@example.com email: john.doe@example.com
firstName: John
roleId: some_role_id
timeZone: America/Los_Angeles
iam-get-user#
Retrieves a single user resource.
Base Command#
iam-get-user
Input#
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example#
``!iam-get-user user-profile={"email": "john.doe@example.com"}````
Context Example#
Human Readable Output#
Get User Results (PrismaCloudIAM)#
brand instanceName success active id details PrismaCloudIAM PrismaCloudIAM_instance_1 true true john.doe@example.com email: john.doe@example.com
firstName: test
lastName: test
timeZone: America/Los_Angeles
enabled: true
roleId: some_role_id
lastModifiedBy: modifier@example.com
lastModifiedTs: 1628152142011
lastLoginTs: -1
role: {"id": "some_role_id", "name": "System Admin"}
roleType: System Admin
displayName: test test
accessKeysAllowed: true
iam-disable-user#
Disable an active user.
Base Command#
iam-disable-user
Input#
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example#
``!iam-disable-user user-profile={"email": "john.doe@example.com", "givenname": "John"}````
Context Example#
Human Readable Output#
Disable User Results (PrismaCloudIAM)#
brand instanceName success active PrismaCloudIAM PrismaCloudIAM_instance_1 true false john.doe@example.com
Outgoing Mapper#
- In the
User Profile - PrismaCloudIAM (Outgoing)you should manually configure and map the following required attributes:- timeZone - the time zone of the user.
- roleId - the id of the role assigned to the user