Skip to main content

Initial Setup

After CloudKeeper onboards your organization, follow these steps to complete your initial configuration.

Step 1: Log In as Customer Admin

  1. Navigate to your organization's Prism URL: https://yourcompany.prism.cloudkeeper.com/init
  2. Set up your password and configure MFA
  3. You'll see the Application Selection screen — click Admin Portal
  4. You'll be taken to the Admin Portal dashboard
tip

The /init path is specifically for intial admin login. SSO users access Prism through SSO on the root URL.

Configure an identity provider so your users can log in with their existing corporate credentials:

  1. Navigate to Preferences > Identity Providers in the sidebar
  2. Click Add Identity Provider
  3. Choose your provider:
    • Google OAuth — For Google Workspace organizations
    • Microsoft OAuth — For Microsoft 365 / Azure AD organizations
    • Custom OIDC — For other OpenID Connect providers
  4. Follow the provider-specific setup instructions

See Identity Providers for detailed configuration guides.

Step 3: Create Users

Create user accounts for your team members:

  1. Navigate to Users in the sidebar
  2. Click Create User
  3. Fill in the user details:
    • Username (required) — Must be unique
    • Email (required) — Must be unique
    • First Name and Last Name (required)
  4. Click Create

See Create User for details.

info

If you configured SCIM provisioning, users are synchronized automatically from your identity provider. See SCIM Configuration.

Step 4: Create Groups

Organize users into groups for easier permission management:

  1. Navigate to Groups in the sidebar
  2. Click Create Group
  3. Enter a group name
  4. Click Create
  5. Add users to the group

See Groups for details.

Step 5: Onboard AWS Accounts

Add your AWS accounts to Prism:

  1. Navigate to Accounts in the sidebar
  2. Follow the onboarding wizard to add your organization's AWS accounts
  3. Assign account owners who will approve JIT access requests

See Onboard Account for the full walkthrough.

Step 6: Create Permission Sets

Define what level of access users will have:

  1. Navigate to Permission Sets in the sidebar
  2. Click Create Permission Set
  3. Enter a name and optional description
  4. Set the session duration
  5. Add AWS managed policies (e.g., ReadOnlyAccess, PowerUserAccess) and/or write custom inline policies
  6. Click Create

See Permission Sets for details.

Step 7: Create Assignments

Grant users or groups access to AWS accounts:

  1. Navigate to Assignments in the sidebar
  2. Either:
    • Select one or more accounts using the checkboxes and click the + Assign button at the top, or
    • Click on an account to open its detail view, then click Assign users or groups
  3. Select the users or groups and the permission sets to assign
  4. Confirm the assignment. Assignments are eventually consistent and may take a few seconds to propagate.

See Assignments for details.

Step 8: Replicate Configuration

Synchronize your IAM Identity Center configuration to Prism:

  1. Navigate to Preferences > Replication in the sidebar
  2. Configure the management acccount of your AWS Organization and Run Full Replication to synchronize everything
  3. Wait for the replication to complete

See Replication for details.

Verification

After completing the initial setup:

  • Identity provider is configured and users can log in via SSO
  • Users and groups are created
  • AWS accounts are onboarded with owners assigned
  • Permission sets are defined
  • Assignments are created
  • Replication has completed successfully

Next Steps