Access the Aperture Service

Log in to the Aperture service for the first time, change your password, and restrict the IP addresses administrators can log in from.
As soon as you receive your login credentials from Palo Alto Networks, you can log in to the Aperture service. Your credentials include a temporary password. To prevent unauthorized access to the system, you must change the password as soon as you log in as described in the following procedure.
  1. Log in to the Aperture service.
    1. Go to the URL provided in your Aperture order fulfillment email.
      The URL for the Aperture service uses this format: https://<your_company_name>.aperture.paloaltonetworks.com
      For example, the company XYZ would use the Aperture service at:
      https://xyz.aperture.paloaltonetworks.com.
    2. Enter the username and temporary password provided in the fulfillment email and click Log in.
      aperture-login.png
    3. When prompted to reset your password, enter a New Password, Confirm your Password, and Proceed to sign EULA.
    4. Read the End-User License Agreement (EULA) and then click I Accept.
      Any additional Aperture administrators you add must also accept the EULA before they can log in the first time.
  2. Verify your license.
    To verify you successfully activated your license, select SettingsLicense Info. You should see information about your subscription, including the number of users permitted by the license:
    • Renewal Date—The date your subscription expires.
    • Number of Licensed Users—The number of users who can have an account on the Aperture service.
    • Serial Number—A unique serial number associated with your Aperture license and you will need this number to obtain support.
    If you did not purchase a license yet, you can use the trial version on a single app with unlimited users for 60 days.
    settings-license-info-view.png
  3. (Best Practice) Restrict the IP addresses administrators can log in from.
    For example, allow administrators to access Aperture only from corporate IP addresses or subnets.
    You can add login restrictions using only IPv4 addresses; you can use dotted decimal (255.255.0.0) or CIDR notation (/16) to specify subnet masks.
    1. Select SettingsGeneral Settings.
    2. Specify an IP address you will allow or deny Aperture administrative access from:
      • To restrict access to only one or a group of IP addresses, select Allow access from specific IP addresses only and add the IPv4 address(es), one address or subnet per line.
        login-restrictions-allow-ips.png
      • To block access only from one or a group of addresses, select Deny access from specific IP addresses only and add the addresses you want to block, one address or subnet per line.
    3. Save your changes.

Related Documentation