Prisma SD-WAN Administrator’s Guide
    : Add a New User on Prisma SD-WAN
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Administrator Authorization and Authentication
    6. Role Based Access Control
    7. System Roles
    8. Add a New User on Prisma SD-WAN
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Add a New User on Prisma SD-WAN

    Table of Contents

    Add a New User on Prisma SD-WAN

    Let us learn more about adding a new user on Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    Add a new user with system role as per the requirements of your enterprise. An IAM administrator assigns roles to users responsible for administering the network in your enterprise.
    Use the following links to add users based on your web interface.
    • Migrated to Strata Cloud Manager
      If your Prisma SD-WAN tenant has migrated to Strata Cloud Manager (SCM), your users are now a part of the Tenant Service group (TSG). As part of the migration, you now manage, add, and edit users through the Strata Cloud Manager Identity and Access settings.
      However, you will continue to see the migrated users in Strata Cloud Manager under ManagePrisma SD-WANSystemAccess ManagementTenant AccessAuth Token Session Lock.
      You cannot add or edit users here, you can only modify the IP session lock for users for API access.
    • Using the stand-alone Prisma SD-WAN web interface (Non-TSG Tenants)
      1. Select ManageSystemAccess ManagementUser AccessUser ManagementAdd User.
      2. For Create New User, enter the First Name and optionally the Last Name of the user.
      3. Toggle Access to allow the user to access the Prisma SD-WAN web interface.
        By default, access is disabled.
      4. Add the Email/Login ID.
      5. Enter a New Password and confirm the password for the user.
      6. Choose a Role for the user.
        Assign one or more roles to the user. Select from the available system or custom roles. Or create custom roles.
      7. Select the IP Session Lock.
        IP Session Lock checks the client source IP address from where a login request originates. By default it is enabled.
        • If IP session lock is enabled, the auth tokens generated from this user is locked to the user's IP address.
        • If auth tokens are generated and IP session lock for a user is left as Default or Enabled, the auth token is usable only from the source IP address from which it was generated.
        • If auth tokens from this user is only used on machines that they are generated on, and the source IP address used to connect to the API remains the same, then you can choose the Enabled or Default.
        • If the auth tokens are intended to be used on different systems and/or systems that may connect to the API from different IP Addresses, choose Disabled.
      8. (Optional) Enter the IP/Prefix Access List.
        IP/Prefix Access List enables the login for the entered IP addresses. Add multiple IP addresses by selecting Add Another IP to the list.
        (Optional) Add Mobile Phone and Secondary Email to the user profile.
      9. Save to add the user details.

    © 2024 Palo Alto Networks, Inc. All rights reserved.