Activation & Onboarding
  • Activation & Onboarding
  • AI Runtime Security Documentation
  • All Documentation
>
Create and Associate a Deployment Profile for AI Runtime Security: API Intercept
Focus
Download PDF
Focus
  1. Home
  2. AI Runtime Security
  3. Activation & Onboarding
  4. AI Runtime Security: API Intercept Overview
  5. Create and Associate a Deployment Profile for AI Runtime Security: API Intercept
Download PDF
AI Runtime Security

Create and Associate a Deployment Profile for AI Runtime Security: API Intercept

Table of Contents

Create and Associate a Deployment Profile for AI Runtime Security: API Intercept

Create and Associate a Deployment Profile in the Customer Support Portal for AI Runtime Security: API Intercept.
This page helps you create a deployment profile for AI Runtime Security: API intercept in the Customer Support Portal and associate a deployment profile to your tenant service group (TSG).
This helps to complete the onboarding process and generate a Strata Cloud Manager instance with AI Runtime Security: API intercept.
Where Can I Use This?What Do I Need?
  • AI Runtime Security

Prerequisites

  • AI Runtime Security: API intercept is not available in FedRAMP-authorized cloud environments.
  • Contact Palo Alto Networks support for the first-time activation of a TSG in the Customer Support Portal.
  • To activate the deployment profile, you must have super-user privileges in TSG.
  • Ensure you have a credit pool available for Software NGFW credits, as these are required for licensing AI API intercept. Your subscription includes Strata Cloud Manager, Enterprise DLP, and Strata Logging Service.
  • For onboarding AI API intercept, ensure your TSG does not have an existing AIOps subscription. If it does, create a new TSG without AIOps (Strata Cloud Manager Base).

Create a Deployment Profile for AI Runtime Security: API Intercept in Customer Support Portal

  1. Log in to the Palo Alto Customer Support Portal.
  2. Navigate to Products > Software/Cloud NGFW Credits.
  3. Locate your credit pool and click Create Deployment Profile.
  4. Under Select firewall type, select AI Runtime Security (API).
  5. Select Next.
  6. Enter a Profile Name.
  7. Enter the Max API calls per day (a minimum of 10 records and a maximum of 1000).
    During the promotional period, 1,000 API calls are allowed per day.
  8. Calculate Estimated Cost. (It consumes zero credits).
    The credits bundle the Strata Cloud Manager Pro, Enterprise DLP, and Strata Logging Service.
  9. Click Create Deployment Profile.
    This takes you to the Software NGFW Credits page in the Customer Support Portal.
    Next, you associate this deployment profile with a TSG as explained in the section below.

Associate a Deployment Profile to a Tenant Service Group (TSG)

Associate the deployment profile auth code with the TSG.
The Hub creates an instance for Strata Cloud Manager Pro, DLP, and Strata Logging Service.
Before you begin, create a deployment profile for AI Runtime Security: API Intercept in the Customer Support Portal.
  1. Log in to Palo Alto Networks Customer Support Portal.
  2. Navigate to Products Software/Cloud NGFW Credits.
  3. Locate the credit pool you used to create the deployment profile and click Details.
  4. Locate your AI Runtime Security: API intercept deployment profile and click Finish Setup.
    This takes you to the Hub page to activate the subscriptions based on your deployment profile.
  5. Select the Customer Support Account used to create your deployment profile from the drop-down list.
  6. Select a Tenant or create a new one (Click the "+" icon. Enter a Name and click Ok).
    Use separate tenants for enabling AI Runtime Security network and API intercepts.
  7. Select a Region.
    We support the Americas region only.
  8. Select the Deployment Profile you created previously and click Done.
    The profile shows the Enterprise DLP, Strata Cloud Manager Pro, and AI Runtime Security API subscriptions.
    Record the Auth Code.
    If you have any existing deployment profiles associated with your tenant, don't uncheck them. Doing so will disassociate them from the tenant.
  9. Select a Data Loss Prevention (DLP) instance. If you don't have one, select Create New.
  10. Agree to the Terms and Conditions.
  11. Click Activate to activate the deployment profile.
    You must have super user privileges in the TSG to activate the deployment profile.
    When creating a new API key, associate it with an unused deployment profile. You can either select an existing unused deployment profile or create a new one.
    The activation takes you to the Hub page that shows the services that are activated. The Hub creates instances for:
    1. Strata Cloud Manager Pro (Cloud Management, Strata Cloud Manager, and ADEM SLS)
    2. Enterprise DLP
    3. Strata Logging Service
  12. Verify the TSG association completion in the Hub:
    1. Navigate to Common Services → Tenant Management.
    2. Select your tenant and switch to Deployment Profiles.
    3. Confirm that the Profile Association Status is Complete.
    This completes the provisioning. Next, activate the auth code to create an API key and an AI security profile in the Strata Cloud Manager.

Edit Deployment Profile

Edit your deployment profile to modify the value for maximum number of API calls per day limit.
  1. Log in to the Palo Alto Customer Support Portal.
  2. Navigate to Products → Software/Cloud NGFW Credits.
  3. Locate the credit pool you used to create the deployment profile and click Details.
  4. Locate your AI Runtime Security: API intercept deployment profile, click on the three `...` dots next to the profile and click Edit Profile.
  5. Update the Max API call per day value and click Update Deployment Profile.
  6. Click View Tenant for the updated deployment profile. This takes you to the Hub page.
  7. Agree to the Terms and Conditions.
  8. Activate. This takes a while to re associate your updated deployment profile to the TSG, you can then connect to the Strata Cloud Manager tenant.

Deactivate Deployment Profile

This section shows how to deactivate a deployment profile in Customer Support Portal.
  1. Log in to the Palo Alto Customer Support Portal.
  2. Navigate to Products → Software/Cloud NGFW Credits.
  3. Select the AI Runtime Security (API) tab.
  4. Select the three `...` dots next to the AI Runtime Security: API intercept and click Deactivate Firewall.
    This deactivates the AI Runtime Security: API intercept and revokes the API keys associated with this auth code.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.