We have a new instance of Prisma SaaS. It is not yet configured for all users and/or SaaS applications. It is however connected to the Palo Alto Hub...so the few users we have access Prisma SaaS via their Palo Alto Support credentials. Once we hook up our SaaS applications, we would like to add users from various departments (e.g. Legal)...but it doesn't make sense for them to have Palo Alto Support accounts.
We read through the Prisma SaaS Administration Guide and there appears to be a way to set up SSO using our authentication provider. However, when we try to upload our certificate we always get a "Certificate Loading Error" message showing up.
I briefly spoke with a Palo representative and they mentioned that since our Prisma SaaS instance is connected to the Palo Hub, we can't set up SSO using our authentication provider. Is there any way to remove Prisma SaaS from the Hub so we can use our auth provider?
The documentation makes no mention of not being able to use our SSO after we connected it to the Hub. We tried many various certificate export types (DER encoded & Base-64 encoded .cer files), but they both produce the "Certificate Loading Error".
Hi, thanks for asking! The representative you spoke with was generally correct. When your tenant is provisioned as part of the Hub then SSO is mutually exclusive. That doesn't make it impossible, but it would be a special request. Would you consider opening a support request?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!