Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Add Service Account

Service accounts differ from user accounts in that they don't need an email address associated with them and don't need to be validated or activated in an external system before they can be used. You must have the System Administrator role on Prisma Cloud Compute to add a service account.

Caution

Think carefully about the information you enter, because after you create a service account, you can't make changes. You must delete it and start over.

  1. Select Settings > Users and then select Add New > Service Account. The Account Details tab appears.

  2. Type these account details:

    • Service Account Name: expel_service_account

    • Role: System Admin

  3. Click Next. The Access Key Details tab appears.

  4. Type an Access Key Name (your choice).

    Caution

    Do NOT select Enable Expiration.

  5. Click Save & Create (1 of 2) to generate the key. The Access Key Results screen appears.

  6. Click Download .csv file to download your access key as a .csv file and then store it in a secure location.

    Note

    Access keys are not stored on Prisma Cloud Compute, so this is the only opportunity that you have to download it.

  7. To view the new service account, select Settings > Users and type the service account name in the Search field. If there is a problem with the service account, delete it and start over at Step 1.


Step 2: Determine Prisma Cloud Compute console URL

Prisma Cloud Compute can be either a self-hosted or SaaS installation. The Prisma Cloud Compute console URL depends on your specific installation. Use the following sections to determine your Prisma Cloud Compute console URL.

Self-Hosted Installation

For self-hosted environments, the Prisma Cloud Compute API is exposed on port 8083 (HTTPS). This port is specified at install time in twistlock.cfg.

  • For Kubernetes installations (most common):

    • Console service is exposed by a LoadBalancer.

    • The console URL is the LoadBalancer followed by port 8083: https://<LOAD_BALANCER>:8083

  • For Onebox installations:

    • Console installed on a standalone host.

    • The console URL is the IP address or DNS name of the host followed by port 8083: https://<IP_ADDRESS>:8083

SaaS Installation

  1. Log in to Console.

  2. Go to Manage > System > Utilities.

  3. The console URL is listed under Path to Console at the bottom of the page.

Step 3: Configure the technology in Workbench

  1. Go to https://workbench.expel.io/settings/security-devices?setupIntegration=prisma_cloud_compute.

  2. If you are running a Prisma Cloud Compute SaaS installation, select Cloud for Where is your device.

  3. If you are running a Prisma Cloud Compute self-hosted installation, select On-prem and then select Assembler from the list. Select the assembler you set up in Getting Connected to Expel Workbench.

  4. For Name and Location, type Prisma for the name and either Cloud or On-prem for the location.

  5. For Username type the Access Key ID created in Step 1.

  6. For Password type the Secret Access Key created in Step 1.

  7. For Server address type the console URL determined in Step 2.

  8. In the optional Console Login section, for Username and Password type the Access Key ID and Secret Access Key created in Step 1.
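
Before entering the values in Workbench, the console URL from Step 2 and the access key from Step 1 can be checked against the console itself. The following is an added example, not code from Expel or Palo Alto Networks: it validates the URL shape this page describes and exchanges the key for a token at the Prisma Cloud Compute `/api/v1/authenticate` endpoint. The function names and the host names in the comments are constructed for illustration.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

API_PORT = 8083  # self-hosted API port named in Step 2


def normalize_console_url(raw, self_hosted):
    """Return the console base URL without a trailing slash, or raise ValueError."""
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":
        raise ValueError("console URL must use https")
    if not parts.hostname:
        raise ValueError("console URL has no host")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the console URL")
    if self_hosted and parts.port != API_PORT:
        raise ValueError(f"self-hosted console URL must end in :{API_PORT}")
    # SaaS "Path to Console" values may carry a path component; keep it.
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"


def build_auth_request(console_url, access_key_id, secret_key):
    """Build the POST that exchanges the access key for an API token."""
    body = json.dumps({"username": access_key_id, "password": secret_key})
    return urllib.request.Request(
        f"{console_url}/api/v1/authenticate",
        data=body.encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def check_credentials(console_url, access_key_id, secret_key, timeout=10):
    """Return True if the console issues a token for this access key.

    Connection and TLS errors (urllib.error.URLError) propagate, so a wrong
    URL is not mistaken for a rejected key.
    """
    req = build_auth_request(console_url, access_key_id, secret_key)
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return bool(json.load(resp).get("token"))
    except urllib.error.HTTPError:
        return False  # console reachable, key rejected
```

Read the Secret Access Key from the downloaded .csv file or a secrets manager at run time rather than passing it on the command line, where it would land in shell history.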