Add Cloud Account (Azure)
POST/cas/v1/azure_account
Onboard a new azure cloud account onto the Prisma Cloud platform.
Prerequisite: Generate and download the Terraform template by calling Generate and Download the Azure Terraform Template.
Note: For Azure China, Terraform template generation is not supported. You must create the app registration and the required roles manually.
Request
Query Parameters
true = Skip account status checks to improve response time
- application/json
Body
required
Cloud Account
-
azure - Commercial deployment type. Applicable for Prisma Commercial and Government stacks
-
azure_gov - Government deployment type. Applicable for Prisma Commercial and Government stacks..
-
azure_china - Applicable for Prisma China Stack.
- Array [
- ]
- Array [
- ]
-
MANUAL - Create account groups manually in Prisma Cloud.
-
AUTOMAP - Automatically creates the account groups in Prisma Cloud replicating the hierarchy in Azure Cloud.
cloudAccount objectrequired
Azure Subscription ID. Required field for accountType: account
Possible values: [account, tenant]
Cloud Account Type
True to enable ingestion of logs to Prisma Cloud. The default value is True. \n NOTE: Ingestion will be stopped if enabled is set to False
Name to be used for the account on the Prisma Cloud platform (must be unique)
Account Group Ids for this account.
Application (Client) ID
Possible values: [azure, azure_gov, azure_china]
Application key/client secret
If set to true, it ingests Network Security Group Flow Logs to Prisma Cloud
Service Principal ID
Directory (Tenant) ID
features object[]
Features to be enabled and/ or disabled. To get a list of all the supported features, call Fetch Supported Features endpoint
Feature name obtained from Fetch Supported Features endpoint
Possible values: [enabled, disabled]
Feature state. Whether to be enabled or disabled
Possible values: [enabled, disabled]
Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.
Required only for accountType: tenant.
This is the Default Account Group ID for the Azure Tenant and its Management Groups/Subscriptions.
hierarchySelection object[]
Required only for accountType: tenant.
Include or Exclude a list of Azure Management Groups and Azure Subscriptions to onboard under this Tenant.
To get the list of resource IDs and its details, Refer List Children of Parent.
aws: List Children of Parent (AWS)
To get the display name of resource, Refer List Children of Parent.
aws: List Children of Parent (AWS)
gcp: List Children of Parent (GCP). Display name is the organization name if nodeType is ORG
Possible values: [ORG, FOLDER, PROJECT, SUBSCRIPTION, MANAGEMENT_GROUP, TENANT, ACCOUNT, OU]
Member account node type. Supported values based on cloud type:
aws: ORG, OU, or ACCOUNT
gcp: ORG, FOLDER, or PROJECT
azure: SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT
Possible values: [ALL, INCLUDE, EXCLUDE]
Organization Member accounts Selection type.
ALL: Include the resource and all its children
INCLUDE: Include the specified resource
EXCLUDE: Exclude the specified resource
Applicable only for accountType: tenant
In order to onboard the tenant and its associated management groups and subscriptions, rootSyncEnabled must be set to true
Possible values: [MANUAL, AUTOMAP]
Applicable only for role: System Admin and account type: tenant when rootSyncEnabled is set to true.
Responses
- 200
- 400
- 404
successful operation
duplicate_cloud_account_name / duplicate_cloud_account / invalid_account_id_format / duplicate_cloud_account_needs_upgrade / cannot_select_zero_account_groups / invalid_account_group_ids
invalid_account_type