Skip to main content

Add Cloud Account (Azure)

POST 
/cas/v1/azure_account

Onboard a new azure cloud account onto the Prisma Cloud platform.

Prerequisite: Generate and download the Terraform template by calling Generate and Download the Azure Terraform Template.

Note: For Azure China, Terraform template generation is not supported. You must create the app registration and the required roles manually.

Request

Query Parameters

    skipStatusChecks boolean

    true = Skip account status checks to improve response time

Body

required

Cloud Account

    accountGroupMode string

    Possible values: [MANUAL, AUTOMAP]

    Applicable only for role: System Admin and account type: tenant when rootSyncEnabled is set to true.

    • MANUAL - Create account groups manually in Prisma Cloud.

    • AUTOMAP - Automatically creates the account groups in Prisma Cloud replicating the hierarchy in Azure Cloud.

    clientId stringrequired

    Application (Client) ID

    cloudAccount objectrequired
    accountId stringrequired

    Organization resource ID if accountType is organization.

    Project ID if accountType is account or masterServiceAccount.

    accountType stringrequired

    Possible values: [account, masterServiceAccount, organization]

    Cloud Account Type.

    account: GCP Project

    organization: GCP Organization

    masterServiceAccount: Onboards all GCP projects that are accessible by the service account.

    enabled boolean

    Enable or disable this account on Prisma Cloud.

    Default value: false

    groupIds string[]

    List of Account Groups that must be mapped to this account. To get the account group ids,call List Account Groups API

    name stringrequired

    Account name for the GCP account that will be onboarded on Prisma Cloud. (must be unique)

    projectId string

    ID of the project.

    Get the project ID from the credentials json file that is generated from the GCP Terraform template.

    defaultAccountGroupId string

    Required only for accountType: tenant.

    This is the Default Account Group ID for the Azure Tenant and its Management Groups/Subscriptions.

    environmentType stringrequired

    Possible values: [azure, azure_gov, azure_china]

    • azure - Commercial deployment type. Applicable for Prisma Commercial and Government stacks

    • azure_gov - Government deployment type. Applicable for Prisma Commercial and Government stacks..

    • azure_china - Applicable for Prisma China Stack.

    features object[]

    Features to be enabled and/ or disabled. To get a list of all the supported features, call Fetch Supported Features endpoint

  • Array [
    • defaultMemberState string

    Possible values: [enabled, disabled]

    Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.

    name string

    Feature name obtained from Fetch Supported Features endpoint

    state string

    Possible values: [enabled, disabled]

    Feature state. Whether to be enabled or disabled

  • ]
    • hierarchySelection object[]

    Required only for accountType: tenant.

    Include or Exclude a list of Azure Management Groups and Azure Subscriptions to onboard under this Tenant.

  • Array [
    • displayName string

    To get the display name of resource, Refer List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP). Display name is the organization name if nodeType is ORG

    azure: List Children of Parent (Azure)

    nodeType string

    Possible values: [ORG, FOLDER, PROJECT, SUBSCRIPTION, MANAGEMENT_GROUP, TENANT, ACCOUNT, OU]

    Member account node type. Supported values based on cloud type:

    aws: ORG, OU, or ACCOUNT

    gcp: ORG, FOLDER, or PROJECT

    azure: SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT

    resourceId string

    To get the list of resource IDs and its details, Refer List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP)

    azure: List Children of Parent (Azure)

    selectionType string

    Possible values: [ALL, INCLUDE, EXCLUDE]

    Organization Member accounts Selection type.

    ALL: Include the resource and all its children

    INCLUDE: Include the specified resource

    EXCLUDE: Exclude the specified resource

  • ]
    • key stringrequired

    Application key/client secret

    monitorFlowLogs boolean

    If set to true, it ingests Network Security Group Flow Logs to Prisma Cloud

    rootSyncEnabled boolean

    Applicable only for accountType: tenant

    In order to onboard the tenant and its associated management groups and subscriptions, rootSyncEnabled must be set to true

    servicePrincipalId string

    Service Principal ID

    tenantId stringrequired

    Directory (Tenant) ID

Responses

successful operation

Loading...