
Add Azure Cloud Account

Onboard a new Azure cloud account onto the Prisma Cloud platform.

Prerequisite: Generate and download the Terraform template by calling Generate and Download the Azure Terraform Template.

Note: For Azure China, Terraform template generation is not supported. You must create the app registration and the required roles manually.

Query Parameters
  • skipStatusChecks boolean

    true = Skip account status checks to improve response time

Request Body required

Cloud Account

  • clientId string required

    Application (Client) ID

  • defaultAccountGroupId string

    Required only for accountType: tenant.

    This is the Default Account Group ID for the Azure Tenant and its Management Groups/Subscriptions.

  • environmentType string required

    Possible values: [azure, azure_gov, azure_china]

    • azure - Commercial deployment type. Applicable for Prisma Commercial and Government stacks

    • azure_gov - Government deployment type. Applicable for Prisma Commercial and Government stacks.

    • azure_china - Applicable for Prisma China Stack.

  • features object[]

    Features to be enabled and/or disabled. To get a list of all the supported features, call the Fetch Supported Features endpoint.

  • Array [
  • name string

    Feature name obtained from Fetch Supported Features endpoint

  • state string

    Possible values: [enabled, disabled]

    Feature state: whether the feature is to be enabled or disabled.

  • ]
  • hierarchySelection object[]

    Required only for accountType: tenant.

    Include or Exclude a list of Azure Management Groups and Azure Subscriptions to onboard under this Tenant.

  • Array [
  • displayName string

    To get the display name of a resource, refer to List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP). Display name is the organization name if nodeType is ORG

    azure: List Children of Parent (Azure)

  • nodeType string

    Possible values: [ORG, FOLDER, PROJECT, SUBSCRIPTION, MANAGEMENT_GROUP, TENANT, ACCOUNT, OU]

    Member account node type. Supported values based on cloud type:

    aws: ORG, OU, or ACCOUNT

    gcp: ORG, FOLDER, or PROJECT

    azure: SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT

  • resourceId string

    To get the list of resource IDs and their details, refer to List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP)

    azure: List Children of Parent (Azure)

  • selectionType string

    Possible values: [ALL, INCLUDE, EXCLUDE]

    Organization Member accounts Selection type.

    ALL: Include the resource and all its children

    INCLUDE: Include the specified resource

    EXCLUDE: Exclude the specified resource

  • ]
  • key string required

    Application key/client secret

  • monitorFlowLogs boolean

    If set to true, Network Security Group flow logs are ingested into Prisma Cloud.

  • rootSyncEnabled boolean

    Applicable only for accountType: tenant

    In order to onboard the tenant and its associated management groups and subscriptions, rootSyncEnabled must be set to true

  • servicePrincipalId string

    Service Principal ID

  • tenantId string required

    Directory (Tenant) ID
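
The field rules above (required fields, allowed values, and the tenant-only requirements) can be checked before the request is sent. This is an added example, not Prisma Cloud's own code; passing the account type as a function argument and the `redacted` logging helper are assumptions, and every ID and the secret in the sample are constructed placeholders.

```python
# Added example: pre-flight validation of the request body. Field names and
# allowed values come from the reference above; everything else is assumed.
ENVIRONMENT_TYPES = {"azure", "azure_gov", "azure_china"}
AZURE_NODE_TYPES = {"SUBSCRIPTION", "MANAGEMENT_GROUP", "TENANT"}
SELECTION_TYPES = {"ALL", "INCLUDE", "EXCLUDE"}
FEATURE_STATES = {"enabled", "disabled"}
REQUIRED = ("clientId", "environmentType", "key", "tenantId")


def validate_azure_account(body, account_type):
    """Return a list of problems; an empty list means the body passes."""
    errors = [f"{name} is required" for name in REQUIRED if not body.get(name)]
    env = body.get("environmentType")
    if env and env not in ENVIRONMENT_TYPES:
        errors.append(f"environmentType {env!r} is not an allowed value")
    for i, feat in enumerate(body.get("features", [])):
        if not feat.get("name") or feat.get("state") not in FEATURE_STATES:
            errors.append(f"features[{i}] needs a name and state enabled/disabled")
    for i, node in enumerate(body.get("hierarchySelection", [])):
        if node.get("nodeType") not in AZURE_NODE_TYPES:
            errors.append(f"hierarchySelection[{i}].nodeType is not an Azure node type")
        if node.get("selectionType") not in SELECTION_TYPES:
            errors.append(f"hierarchySelection[{i}].selectionType is invalid")
    if account_type == "tenant":  # assumption: the caller knows the accountType
        for name in ("defaultAccountGroupId", "hierarchySelection"):
            if not body.get(name):
                errors.append(f"{name} is required for accountType tenant")
        if body.get("rootSyncEnabled") is not True:
            errors.append("rootSyncEnabled must be true for accountType tenant")
    return errors


def redacted(body):
    """Copy of the body that is safe to log: the client secret is masked."""
    return {k: ("***" if k == "key" else v) for k, v in body.items()}


# Constructed sample; every ID and the secret are placeholders, not real values.
SAMPLE_TENANT_BODY = {
    "clientId": "00000000-0000-0000-0000-000000000001",
    "tenantId": "00000000-0000-0000-0000-000000000002",
    "key": "placeholder-secret-load-from-a-vault",
    "environmentType": "azure",
    "defaultAccountGroupId": "placeholder-account-group-id",
    "rootSyncEnabled": True,
    "monitorFlowLogs": False,
    "hierarchySelection": [{"displayName": "Root", "nodeType": "TENANT",
                            "resourceId": "placeholder-resource-id",
                            "selectionType": "ALL"}],
}
```

Load the real `key` value from a secret store at run time and log only the `redacted` copy of the body.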

Responses

successful operation
