Activate a License for Prisma Access Multitenant FedRAMP High "In Process" Through Common Services
Learn about cloud-managed Prisma Access multitenant FedRAMP license activation through Common Services.
If you are a Panorama customer, Activate a License for Panorama-managed Prisma Access FedRAMP instead. If you are activating a single tenant, Activate a License for Single Tenant Cloud-managed Prisma Access FedRAMP instead.
After you receive an email from Palo Alto Networks identifying the FedRAMP license you are activating, including all your add-ons and capacities, Get Started with Prisma Access to begin the activation process. The service will help you with the process of claiming your license, creating your tenant, and managing your users.
- Select Get Started with Prisma Access in your email.
- Select the activation flow for MSP and Distributed Enterprise.
- Use MSP and Distributed Enterprise on Cloud Management for first-time multitenant activation.
- Use Cloud Management for return visits to multitenant license activation.
- Provide your work email address, Create your password, and Continue. The service uses this email address for the user account assigned to the tenant that you use for this license. This tenant, and any others created by this email address, will have the Multitenant Superuser role.
- If you have a Palo Alto Networks Customer Support FedRAMP account, then enter the email address you used when you registered for that account.
- If you do not have a Palo Alto Networks Customer Support FedRAMP account, then Create a New Account.
- Select your products to highlight them for activation, then Activate.
- You are automatically directed to Common Services > Subscription & Add-ons, where you Claim the subscription for your product.
- Choose the FedRAMP Customer Support account number that you want to use to claim the license.
- Make sure that you intend to set up a multitenant hierarchy. This is typically for Managed Security Service Providers (MSSPs) or distributed enterprises. If you only want a single tenant, activate a license for single tenant cloud-managed Prisma Access FedRAMP instead.
- Create New tenant that you want to use for this license. This is not necessarily the actual tenant you will use when allocating this license but is, instead, the top-most, root-level name of the parent tenant service group under which you will create the child tenants and activate the licenses.
- Claim and continue.
- You are automatically directed to Tenant Management to the parent tenant where the license was claimed.
- Edit Tenant to give the tenant a name of your choice, such as ParentTenant in the examples that follow. You can also add a business vertical and a support contact.
- Add a New Tenant to create a multitenant hierarchy, such as ChildTenantEast and ChildTenantWest in the examples that follow. You can also add a business vertical and a support contact.
- Select a tenant where you want to add your licensed product.
- Prisma Access can be activated against any tenant in the hierarchy; there is no requirement for the parent tenant to have Prisma Access activated.
- Select the Contract for the product in the Gov Region where you want to deploy your product. There is no cross-region aggregation. Make sure that all your tenants are in the same region for monitoring purposes.
- Toggle Activate to view your activation choices for Prisma Access.
- Choose how to allocate the Prisma Access License:
- Allocate part of the license to this tenant if you want to conserve part of the license for another tenant.
- Allocate the entire license to this tenant if you do not have other tenants or if you have other licenses available to allocate to your other tenants.
- Share a Prisma Access license.
- Allocate licenses per number of mobile users (MU).
- The maximum number of users available for your first tenant is based on your Prisma Access license quantity.
- The number of users available for other tenants is based on the remainder after allocation.
- Based on your license, you need a minimum capacity to share with another tenant. For example, Prisma Access local edition requires a minimum of 200 licenses that need to be allocated whether it's a root tenant or a child tenant, but Prisma Access global or worldwide edition requires a minimum of 1000 licenses that need to be allocated whether it's a root tenant or a child tenant.
- If you have a license that is a combination of MU+RN together, you can’t split it into different tenants. For example, a 200 MU+RN local edition license still needs to be split as minimum 200 MU+RN in each tenant. You can’t have 200 MU in one tenant and 200 RN in another tenant.
- Secure mobile users with Prisma Access.
- Allocate licenses per bandwidth of remote networks (RN).
- The maximum amount of bandwidth available for your first tenant is based on your Prisma Access license quantity.
- The amount of bandwidth available for other tenants is based on the remainder after allocation.
- Based on your license, you need a minimum capacity to share with another tenant. For example, Prisma Access local edition requires 200 Mbps that need to be allocated whether it's a root tenant or a child tenant, but Prisma Access global or worldwide edition requires a minimum of 1000 Mbps that need to be allocated whether it's a root tenant or a child tenant.
- If you have a license that is a combination of MU+RN together, you can’t split it into different tenants. For example, a 200 MU+RN local edition license still needs to be split as minimum 200 MU+RN in each tenant. You can’t have 200 MU in one tenant and 200 RN in another tenant.
- Secure remote networks with Prisma Access.
- Choose how many locations to allocate to your tenant.
- If you have a local edition license, the default number of locations is 5, and the number available for allocating to your tenants is based on the Additional Locations add-on. If you have a global or worldwide license, the number of locations is unlimited, so you do not have the option to add the quantity.
- The select/deselect checkbox is available to toggle if you have chosen to allocate part of the license to this tenant for Prisma Access license sharing.
- The number available for other tenants is based on the remainder after allocation.
- Set up your data lake.
- Allocate part of the available storage to this tenant if you want to conserve part of the storage for another tenant.
- Allocate the entire available storage to this tenant if you do not have other tenants or if you will purchase additional capacity to allocate to your other tenants.
- Based on your license, you need a minimum capacity to share with another tenant. For example, Prisma Access local and business licenses require 1 TB.
- See the Strata Logging Service Getting Started Guide.
- Products or Add-ons are enabled by default based on your contract. Disable (deselect) add-ons you don’t want to activate now, such as Autonomous DEM and Service Connection. Use the following settings for the CASB Bundle:
- URL Subnet is the URL to launch the corresponding service UI.
- Agree to the Terms and Conditions.
- Activate Now. The products and add-ons that you are activating (such as Prisma Access or Strata Logging Service) are now provisioned. As the subscriptions are activating, the progress status will display. When the process is complete, the tenant status displays as Up. You now have a tenant provisioned with instances of the products that you purchased. The tenant has one user: the Customer Support account that you used when you began this process.
- To complete the product setup, you must access the products you purchased and perform any required post-installation configuration. For information about your products, see:
- Strata Logging Service Getting Started Guide
- Prisma Access Cloud Managed Administrators Guide
- Prisma Access Insights Administrators Guide
- Autonomous DEM in Prisma Access
- (Optional) In a multitenant hierarchy, monitor your tenants with the Prisma Access Summary Dashboard.