Create Authentication Section

admin_guide/_topic_map_compute_edition.yml

@@ -251,38 +251,6 @@ Topics:
 - Name: PCF blobstore scanning
   File: pcf_blobstore
 ---
-Name: Access control
-Dir: access_control
-Topics:
-- Name: Access control
-  File: access_control
-- Name: Role-based access control
-  File: rbac
-- Name: Integrate with Active Directory
-  File: integrate_active_directory
-- Name: Integrate with OpenLDAP
-  File: integrate_openldap
-- Name: Integrate with SAML
-  File: integrate_saml
-- Name: Integrate Google G Suite (SAML)
-  File: integrate_saml_google_g_suite
-- Name: Integrate with Azure Active Directory via SAML 2.0 Federation
-  File: integrate_saml_azure_active_directory
-- Name: Integrate with PingFederate via SAML 2.0 Federation
-  File: integrate_saml_ping_federate
-- Name: Integrate with Active Directory Federation Services (ADFS) via SAML 2.0 Federation
-  File: integrate_saml_active_directory_federation_services
-- Name: Non-default UPN suffixes
-  File: non_default_upn_suffixes
-- Name: Compute user roles
-  File: user_roles
-- Name: Assign roles
-  File: assign_roles
-- Name: Use custom certificates for authorization
-  File: use_custom_certs_for_auth
-- Name: Open Policy Agent
-  File: open_policy_agent
----
 Name: Compliance
 Dir: compliance
 Topics:
@@ -372,6 +340,16 @@ Topics:
   - Name: Service violation
     File: service_violation
 ---
+Name: Access control
+Dir: access_control
+Topics:
+- Name: Access control
+  File: access_control
+- Name: Docker Role-based access control
+  File: rbac
+- Name: Open Policy Agent
+  File: open_policy_agent
+---
 Name: Continuous integration
 Dir: continuous_integration
 Topics:
@@ -491,6 +469,56 @@ Topics:
 - Name: Kubernetes auditing
   File: kubernetes_auditing
 ---
+Name: Authentication
+Dir: authentication
+Topics:
+- Name: Authentication
+  File: authentication
+- Name: Integrate with Active Directory
+  File: integrate_active_directory
+- Name: Integrate with OpenLDAP
+  File: integrate_openldap
+- Name: Integrate with SAML
+  File: integrate_saml
+- Name: Integrate Google G Suite (SAML)
+  File: integrate_saml_google_g_suite
+- Name: Integrate with Azure Active Directory via SAML 2.0 Federation
+  File: integrate_saml_azure_active_directory
+- Name: Integrate with PingFederate via SAML 2.0 Federation
+  File: integrate_saml_ping_federate
+- Name: Integrate with Active Directory Federation Services (ADFS) via SAML 2.0 Federation
+  File: integrate_saml_active_directory_federation_services
+- Name: Active Directory Non-default UPN suffixes
+  File: non_default_upn_suffixes
+- Name: Compute user roles
+  File: user_roles
+- Name: Assign roles
+  File: assign_roles
+- Name: Use custom certificates for authorization
+  File: use_custom_certs_for_auth
+---
+Name: Continuous integration
+Dir: continuous_integration
+Topics:
+- Name: Continuous integration
+  File: continuous_integration
+- Name: Jenkins plugin
+  File: jenkins_plugin
+- Name: Jenkins Freestyle project
+  File: jenkins_freestyle_project
+- Name: Jenkins Maven project
+  File: jenkins_maven_project
+- Name: Jenkins Pipeline project
+  File: jenkins_pipeline_project
+- Name: Run Jenkins in a container
+  File: run_jenkins_container
+- Name: Jenkins pipeline on K8S
+  File: jenkins_pipeline_k8s
+- Name: CloudBees Core pipeline on K8S
+  File: cloudbees_core_pipeline_k8s
+- Name: Set policy in the CI plugins
+  File: set_policy_ci_plugins
+---
 Name: Tools
 Dir: tools
 Topics:

admin_guide/_topic_map_prisma_cloud.yml

@@ -236,16 +236,8 @@ Dir: access_control
 Topics:
 - Name: Access control
   File: access_control
-- Name: Access keys
-  File: access_keys
-- Name: Role-based access control
+- Name: Docker Role-based access control
   File: rbac
-- Name: Prisma Cloud user roles
-  File: prisma_cloud_user_roles
-- Name: Compute user roles
-  File: user_roles
-- Name: Assign roles
-  File: assign_roles
 - Name: Open Policy Agent
   File: open_policy_agent
 ---
@@ -338,6 +330,20 @@ Topics:
   - Name: Service violation
     File: service_violation
 ---
+Name: Authentication
+Dir: authentication
+Topics:
+- Name: Authentication
+  File: authentication
+- Name: Access keys
+  File: access_keys
+- Name: Prisma Cloud user roles
+  File: prisma_cloud_user_roles
+- Name: Compute user roles
+  File: user_roles
+- Name: Assign roles
+  File: assign_roles
+---
 Name: Continuous integration
 Dir: continuous_integration
 Topics:

admin_guide/access_control/access_control.adoc

@@ -1,10 +1,3 @@
 == Access control
 
 Establish and monitor access control measures for cloud workloads and cloud native applications.
-
-Prisma Cloud provides broad enterprise identity support, integrating with Active Directory, OpenLDAP, Ping, Okta, Shibboleth, Azure AD, and G Suite, allowing you to implement central credential management in the Prisma Cloud Platform.
-Define accounts and IAM roles to integrate with your cloud providers in one place and reuse them across the product.
-Pluggable cryptography allows you to bring your own certificates, not just for TLS, but also for smart card authentication to Console.
-
-Prisma Cloud ships with prebuilt roles to provide least privilege access to your devops and security teams.
-Use Assigned Collections to precisely control what data teams can view or use built-in multi-tenancy to securely isolate entire business units or geographies within the same Console.

admin_guide/access_control/assign_roles.adoc → admin_guide/authentication/assign_roles.adoc

@@ -1,15 +1,14 @@
 == Assign roles
 
 ifdef::compute_edition[]
-After creating a user or group, you can assign a xref:../access_control/user_roles.adoc[role] to it.
+After creating a user or group, you can assign a xref:../user_roles.adoc[role] to it.
 Roles determine the level of access to Prisma Cloud’s data and settings.
 
 Prisma Cloud supports two types of users and groups:
 
 * Centrally managed users and groups, defined in your organization’s directory service.
 With directory services such as Active Directory, OpenLDAP, and SAML providers, you can re-use the identities set up in these systems.
 * Prisma Cloud users and groups, created and managed from Console.
-
 For centrally managed users groups, roles can be assigned after you integrate your directory service with Prisma Cloud.
 Roles can be assigned to individual users or to groups.
 When you assign a role to a group, all members of the group inherit the role.
@@ -117,7 +116,6 @@ The following procedure shows you how to assign a role to an existing AD/OpenLDA
 *Prerequisites:*
 
 * You have integrated Prisma Cloud with Active Directory, OpenLDAP, or SAML.
-
 [.procedure]
 . Open Console, and log in with your admin credentials.
 
@@ -142,4 +140,4 @@ Access is denied to users with any other role.
 
 The Prisma Cloud System Admin role is mapped to Compute's (inner management interface) Administrator role.
 
-endif::prisma_cloud[]
+endif::prisma_cloud[]

admin_guide/authentication/authentication.adoc

@@ -0,0 +1,8 @@
+== Authentication
+
+Prisma Cloud provides broad enterprise identity support, integrating with Active Directory, OpenLDAP, Ping, Okta, Shibboleth, Azure AD, and G Suite, allowing you to implement central credential management in the Prisma Cloud Platform.
+Define accounts and IAM roles to integrate with your cloud providers in one place and reuse them across the product.
+Pluggable cryptography allows you to bring your own certificates, not just for TLS, but also for smart card authentication to Console.
+
+Prisma Cloud ships with prebuilt roles to provide least privilege access to your devops and security teams.
+Use Assigned Collections to precisely control what data teams can view or use built-in multi-tenancy to securely isolate entire business units or geographies within the same Console.

admin_guide/access_control/integrate_active_directory.adoc → admin_guide/authentication/integrate_active_directory.adoc

@@ -15,7 +15,7 @@ With AD integration, you can:
 * Extend your organization’s access control logic to the management of Docker containers.
 
 For example, you could specify that only members of the AD group Dev Ops Admins can start and stop containers in the production environment.
-For more information, see xref:../access_control/rbac.adoc[Access control for Docker Engine (RBAC)].
+For more information, see xref:../user_roles.adoc[User Roles].
 
 
 === Configuration options
@@ -155,7 +155,7 @@ After integrating AD with Prisma Cloud, you can:
 
 * Grant admin privileges to specific users or groups.
 For more information, see
-xref:../access_control/assign_roles.adoc[Assigning roles].
+xref:../assign_roles.adoc[Assigning roles].
 * Set up policies for accessing Docker and Kubernetes.
 For more information, see
 xref:../access_control/rbac.adoc[Access control for Docker Engine].

admin_guide/access_control/integrate_saml_active_directory_federation_services.adoc → admin_guide/authentication/integrate_saml_active_directory_federation_services.adoc

@@ -179,7 +179,7 @@ NOTE: When federating with ADFS Prisma Cloud usernames are case insensitive. All
 +
 image::adfs_saml_12.png[width=600]
 
-.. *Role*: select an appropriate xref:../access_control/user_roles.adoc#[role].
+.. *Role*: select an appropriate xref:../user_roles.adoc#[role].
 
 . Click *Save*.
 

admin_guide/access_control/prisma_cloud_user_roles.adoc → admin_guide/authentication/prisma_cloud_user_roles.adoc

@@ -70,4 +70,4 @@ NOTE: Only Admin can create collections in Compute. Collections for Read-Only us
 
 To learn more about Prisma Cloud permission groups and roles, see https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-prisma-cloud-roles.html#[Create Roles in Prisma Cloud].
 
-To learn more about Compute roles, see xref:../access_control/user_roles.adoc#[User roles].
+To learn more about Compute roles, see xref:../user_roles.adoc#[User roles].

admin_guide/access_control/user_roles.adoc → admin_guide/authentication/user_roles.adoc

@@ -75,7 +75,7 @@ In Console, you assign the Administrator role to GroupA and the Auditor role to
 NOTE: Roles are enforced the same way for both the Prisma Cloud UI and the Prisma Cloud API.
 
 To learn how to assign roles to users and groups, see
-xref:../access_control/assign_roles.adoc#[Assigning roles].
+xref:../assign_roles.adoc#[Assigning roles].
 
 
 === Roles