If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

The goal of this guide is to add a new SkyFormation for Palo AltoPrisma SAAS (Aperture) connector to your SkyFormation Platform.

Prerequisites

To add the Prisma SAAS (Aperture) connector to your SkyFormation app, you will need to have the following Prisma SAAS (Aperture) account's information at hand:

1. Unique Client ID + Client Secret 
   (used by the connector to authenticate and interact with the Prisma SAAS (Aperture) service later)
   
   To get the Client ID the Aperture admin should follow the steps described at:
   
   https://docs.paloaltonetworks.com/prisma/prisma-saas/prisma-saas-admin/prisma-saas-syslog-and-api-integration/prisma-saas-api-integration/add-your-api-client-app-to-the-prisma-saas-service
   
   or the below steps taken out of the above article:
   
   a. Login to your Aperture account
   b. Select Settings > External Service
   c. Click Add Client App to register an API client.
   d. Enter a unique Name for the API client.
   e. Save your changes.
   
   The Aperture service generates a Client ID and a Client Secret and displays the results.
   Keep these two values for the later connector on-board process described below.
   
   NOTE !!! The Aperture service displays the Client Secret in a pop up. After you dismiss the pop-up, you cannot see the Client Secret again.                      
   
   To get more user management information refer to the guide:
   https://docs.paloaltonetworks.com/aperture/aperture-admin/aperture-syslog-and-api-integration.html

Steps to onboard the connector to SkyFormation app

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Palo Alto Aperture". You will see the following screen:

    6. Fill in the following information:

        - Account Name
          Give the Palo Alto connector a meaningful name for you. 
          This will become your cloud app connector name displayed in the application and the 
          events sent to external systems as SIEM/Log management.

          e.g. "Corporate CASB"     

        - Description
          Add a text that describes the Palo Alto Prisma SAAS (Aperture) service for you.

          This is an optional field.

        - Client ID
          Account unique Client ID retrieved at the prerequisite section.

        - Client-Secret
          Account specific Client Secret retrieved at the prerequisite section. 

     
     7. At this point, you can click on "TEST CONNECTION" to make sure the connection is set up
         successfully, or just click on "DONE".

    8. Start the connector and make sure that the status becomes "OK" after a few seconds.

DONE!