: Get Started with Common Services: Identity & Access
Focus
Focus

Get Started with Common Services: Identity & Access

Table of Contents

Get Started with Common Services: Identity & Access

Get Started with Common Services: Identity & Access
Welcome to Common Services: Identity and Access.
  • Find out the general flow for accessing Identity and Access based on where you like to start: license activation, Strata Multitenant Cloud Manager, the hub, or Strata Cloud Manager.
  • Find out who can use Identity & Access based on app support, first time activation, or tenant transition status.

What is the General Flow for Identity and Access?

There are a few ways to access Identity & Access:
First Time ActivationPrisma SASE Multitenant Platform and FedRAMPTenant View of the hubAIOps for NGFW and Strata Cloud Manager
If you are activating a license for the first time, you are automatically directed to Common ServicesIdentity & Access during the activation process.
If you have received information about the transition of your tenant to the Multitenant Platform, you can access through the original support account view of the hubPrisma SASE Platform button Tenants and ServicesCommon ServicesIdentity & Access.
To access directly from the hub, toggle to tenant view of the hubCommon Services Identity & Access
Depending on your licensed products, and if you have received information about the migration of your tenant to Strata Cloud Manager, you can access through SettingsIdentity & Access.
See the Common Services FAQ for further information about tenants, the tenant transition, or the tenant view of the hub.
Regardless of how you access Common Services: Identity & Access, you’ll use approximately the following flow to manage your deployment.
  1. Activate licenses for your deployment type.
  2. Manage users, roles, and service accounts with identity and access.
  3. (Optional) Manage devices in your deployment with Device Associations.
  4. (Optional) View health, security, and telemetry metrics with AIOps for NGFW.
  5. (Optional) Monitor and manage items such as multitenant status, alerts, alarms, virtual ION devices through the Strata Multitenant Cloud Manager.

Who Can Use Identity and Access

The following topics address who can use Common Services: Identity & Access Management.

Prisma Access (Managed by Strata Cloud Manager)

First Time ActivationTransitioned to Strata Multitenant Cloud ManagerManaged Security Service Provider (MSSP)
If you are a new Prisma Access (Managed by Strata Cloud Manager) customer as of August 2022, use Identity & Access to manage user access, roles, and service accounts.
If you are an existingPrisma Access (Managed by Strata Cloud Manager) customer, you have received information about the transition of your Prisma Access tenant to the Strata Multitenant Cloud Manager. After your Prisma Access instance is transitioned to a tenant, you will no longer see a Prisma Access app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing.
If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma Accesscustomer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts.

Prisma Access (Managed by Panorama)

If you are an existing Prisma Access (Managed by Panorama) customer, you have received information about the transition of your Prisma Access license activation to Common Services. After the transition, you can only use Common Services for license activation. You cannot use the other Common Services such as Tenant Management or Identity & Access for managing Prisma Access or Panorama. Continue to manage your tenants and user role permissions on Panorama as you have been doing. However, you can use Common Services: Identity and Access for managing other apps such as ADEM and Insights.

Prisma SD-WAN

First Time ActivationTransitioned to Strata Multitenant Cloud ManagerManaged Security Service Provider (MSSP)
If you are a new Prisma SD-WAN customer as of July 2022, you are automatically directed to Identity & Access to manage user access, roles, and service accounts.
If you are an existing Prisma SD-WAN customer who has received information about the transition of your tenant to the Strata Multitenant Cloud Manager. After your instance is transitioned to a tenant, you will no longer see an app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing.
If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma SD-WAN customer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts.

CASB

If you are a new CASB customer as of November 2022, or an existing customer with SaaS Security API who wants to upgrade to CASB, use Identity & Access to manage user access, roles, and service accounts.

Enterprise License Agreement Add-on

If you are an ELA customer using the AIOps for NGFW add-on, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.
If you are an ELA customer using the IoT Security add-on, which is compatible with tenants and tenant service groups (TSGs) as of March 2023, use Identity & Access to manage user access, roles, and service accounts.

AIOps for NGFW a la Carte

If you are using the AIOps for NGFW a la carte license, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.

SaaS Security Posture Management

If you are using the standalone SaaS Security Posture Management license, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.to activate licenses.