>
    Strata Copilot
    Create a Service Account for EDM Dataset Uploads
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Administration
    4. Configure Enterprise DLP
    5. Exact Data Matching (EDM)
    6. Create a Service Account for EDM Dataset Uploads
    Download PDF
    Enterprise DLP

    Create a Service Account for EDM Dataset Uploads

    Table of Contents

    Create a Service Account for EDM Dataset Uploads

    Create a service account for Enterprise Data Loss Prevention (E-DLP) on Strata Cloud Manager to securely upload your EDM datasets to Enterprise DLP.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Prisma Browser
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    Before you configure connectivity between the EDM CLI app and Enterprise Data Loss Prevention (E-DLP), you must create an Enterprise DLP service account on Strata Cloud Manager.
    1. Access the Common Services Identity and & Access settings and add a Service Account to generate the Client ID and Client Secret.
      • New Service Account
        1. Enterprise DLP uses the Client ID and Client Secret to authenticate and connect the EDM CLI app.
          When you create the Service Account, the Client ID and Client Secret are displayed in the Client Credentials. You can manually copy the Client Credentials or Download CSV File to download the Client Credentials in plaintext locally to your device.
        2. Assign a role to the service account to upload EDM datasets to Enterprise DLP. EDM dataset uploads fail if the service account does not have a role assigned with write access privileges to Enterprise DLP.
          You can assign any predefined role on Strata Cloud Manager or a predefined or custom role specific to Enterprise DLP on Strata Cloud Manager.
          If you're creating a service account only for EDM dataset uploads, Palo Alto Networks recommends assigning the DLP Policy Administrator role for the Enterprise DLP app. The service account uploading EDM datasets to Enterprise DLP requires write privileges to successfully upload.
      • Existing Service Account
        You can reset the Client Secret for an existing service account if it's been lost.
        Skip this step if you have the Client ID and Secret pair for an existing service account.
        Resetting the Client Secret for an existing service accounts impacts all existing services using the old Client Secret. You must reconfigure any applications, integrations, and authentication mechanism that use the previous Client ID and Secret pair for this service account if you reset the Client Secret.
        1. Log in to Strata Cloud Manager.
        2. Select System SettingsIdentity & Access Management.
        3. Select All IdentitiesAll Service Accounts to sort the Access Management list by service account.
        4. Locate the service account and click the edit icon in the Action column.
        5. Click Back in the Assign Roles screen.
        6. Reset Client Secret. You're prompted to confirm that resetting the client secret impacts all currently configured applications, integrations, and authentications using the current Client Secret.
        7. Strata Cloud Manager generates a new Client Secret. You can manually copy the Client Credentials or Download CSV File to download the Client Credentials in plaintext locally to your device.
        8. Edit the Role for the service account if needed.
        9. Submit.
    2. Continue based on the mode you plan to use to upload EDM datasets:

    © 2026 Palo Alto Networks, Inc. All rights reserved.