Palo Alto Networks SASE/Prisma Access

Configuring the Veza integration for Palo Alto Networks SASE / Prisma Access

Overview

The Veza integration for Palo Alto Networks enables the discovery of applications, users, roles, and permissions from the Palo Alto Networks SASE platform. Veza uses Palo Alto Networks APIs to populate the Authorization Graph with entities and metadata.

This document explains how to enable and create a Palo Alto Networks integration. See Notes and Supported Entities for more details.

Configuring Palo Alto Networks SASE / Prisma Access

Before adding the integration to Veza, create a service account for the connection and record your tenant ID.

To create a service user on the Palo Alto Networks platform, follow these steps:

  1. Browse to your Strata Cloud Manager instance as an administrator.

  2. In the left navigation pane, click the Settings gear. Click Identity & Access.

  3. In the Identity & Access pane that appears, record and store the tenant ID (TSG ID) displayed at the top of the pane, then click the Add Identity button.

  4. In the modal that appears, provide the following information:

    • Identity Type: Service Account

    • Service Account Name: Enter a unique name for the service account (e.g., svc-veza-integration)

    • Service Account Contact: Enter an optional email for the owner of the service account

    • Description: Enter an optional description for the service account's purpose

  5. Click Next.

  6. On the Client Credentials screen that appears, copy and save the Client ID and Client Secret. Click Next.

  7. On the Assign Roles screen, click the dropdown menu under Apps & Services and enable All Apps & Services. Click the Role box and pick View Only Administrator.

Configuring Palo Alto Networks on the Veza Platform

To enable Veza to gather data from the Palo Alto Networks platform, follow these steps:

  1. In Veza, open the Integrations page.

  2. Click Add New and pick Palo Alto Networks as the type of integration to add. Click Next.

  3. Enter the required information (below) and Save the configuration.

Notes and Supported Entities

The connector discovers the following entities and attributes:

Palo Alto Applications

The connector discovers the following applications on the Palo Alto Networks platform:

Palo Alto Networks User

The connector discovers human users and service account users.

Palo Alto Networks Role

The connector discovers both built-in and custom roles and their permissions.
