Get Started with Common Services: Identity & Access
Welcome to Common Services: Identity and Access.
- Find out the general flow for accessing Identity and Access based on where you like to start: license activation, Strata Multitenant Cloud Manager, the hub, or Strata Cloud Manager.
- Find out who can use Identity & Access based on app support, first time activation, or tenant transition status.
What is the General Flow for Identity and Access?
There are a few ways to access Identity & Access:
First Time Activation | Prisma SASE Multitenant Platform and FedRAMP | Tenant View of the hub | AIOps for NGFW and Strata Cloud Manager |
---|---|---|---|
If you are activating a license for the first time, you are automatically directed to Common Services > Identity & Access during the activation process. | If you have received information about the transition of your tenant to the Multitenant Platform, you can access through the original support account view of the hub > Prisma SASE Platform button > Tenants and Services > Common Services > Identity & Access. | To access directly from the hub, toggle to tenant view of the hub > Common Services > Identity & Access. | Depending on your licensed products, and if you have received information about the migration of your tenant to Strata Cloud Manager, you can access through Settings > Identity & Access. |
See the Common Services FAQ for further
information about tenants, the tenant transition, or the tenant view of the hub.
Regardless of how you access Common Services: Identity & Access,
you’ll use approximately the following flow to manage your deployment.
- Activate licenses for your deployment type.
- Manage users, roles, and service accounts with identity and access.
- (Optional) Manage devices in your deployment with Device Associations.
- (Optional) View health, security, and telemetry metrics with AIOps for NGFW.
- (Optional) Monitor and manage items such as multitenant status, alerts, alarms, and virtual ION devices through the Strata Multitenant Cloud Manager.
Who Can Use Identity and Access
The following topics address who can use Common Services: Identity &
Access Management.
Prisma Access (Managed by Strata Cloud Manager)
First Time Activation | Transitioned to Strata Multitenant Cloud Manager | Managed Security Service Provider (MSSP) |
---|---|---|
If you are a new Prisma Access (Managed by Strata Cloud Manager) customer as of August 2022, use Identity & Access to manage user access, roles, and service accounts. | If you are an existing Prisma Access (Managed by Strata Cloud Manager) customer, you have received information about the transition of your Prisma Access tenant to the Strata Multitenant Cloud Manager. After your Prisma Access instance is transitioned to a tenant, you will no longer see a Prisma Access app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing. | If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma Access customer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts. |
Prisma Access (Managed by Panorama)
If you are an existing Prisma Access (Managed by Panorama) customer, you have received information about the
transition of your Prisma Access license activation to Common Services. After the transition, you can only use Common Services
for license activation. You cannot use the other Common Services such as
Tenant Management or Identity & Access for managing Prisma Access
or Panorama. Continue to manage your tenants and user role permissions on
Panorama as you have been doing. However, you can use Common Services:
Identity and Access for managing other apps such as ADEM and Insights.
Prisma SD-WAN
First Time Activation | Transitioned to Strata Multitenant Cloud Manager | Managed Security Service Provider (MSSP) |
---|---|---|
If you are a new Prisma SD-WAN customer as of July 2022, you are automatically directed to Identity & Access to manage user access, roles, and service accounts. | If you are an existing Prisma SD-WAN customer, you have received information about the transition of your tenant to the Strata Multitenant Cloud Manager. After your instance is transitioned to a tenant, you will no longer see an app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing. | If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma SD-WAN customer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts. |
CASB
If you are a new CASB customer as of
November 2022, or an existing customer with SaaS Security API who wants to
upgrade to CASB, use Identity & Access to
manage user access, roles, and service accounts.
Enterprise License Agreement Add-on
If you are an ELA customer using the AIOps for
NGFW add-on, which is compatible with tenants and tenant service groups (TSGs)
as of February 2023, use Identity & Access to
manage user access, roles, and service accounts.
If you are an ELA customer using the IoT Security
add-on, which is compatible with tenants and tenant service groups (TSGs) as of
March 2023, use Identity & Access to
manage user access, roles, and service accounts.
AIOps for NGFW a la Carte
If you are using the AIOps for NGFW a la carte license, which is compatible with
tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to
manage user access, roles, and service accounts.
SaaS Security Posture Management
If you are using the standalone SaaS Security Posture Management license, which
is compatible with tenants and tenant service groups (TSGs) as of February 2023,
use Identity & Access to
manage user access, roles, and service accounts.