Invite Users to Cloud NGFW for AWS

Learn about the various user roles and how to invite users to a Cloud NGFW for AWS tenant.
As a Tenant Admin, you can invite additional users to help manage your Cloud NGFW deployment. You can then place these new users into the roles necessary for their level of access. When you invite a user to the Cloud NGFW tenant, by specifying the user’s email address and assigning one or more Cloud NGFW roles, the Cloud NGFW tenant sends the user an email that includes a registration link and temporary password. After logging in for the first time, the new user will be prompted to create a new password. Until the invited user has accepted the invitation and logged in to the tenant, the invitation is considering pending.
Cloud NGFW Role
Tenant Admin
  • Add AWS Accounts.
  • Invite users and assign roles.
Tenant Reader
  • Read all firewall resources and its settings.
  • Read all global and local rulestacks.
  • Read all tenant users and tenant settings.
Global Firewall Admin
  • Create NGFW.
  • Create global and local rulestacks.
Global Rulestack Admin
Create a global rulestack.
Local Firewall Admin
  • Create NGFW.
  • Associate local rulestack with NGFWs
Local firewall administrators can only create NGFWs and associate rulestacks within a specified AWS account.
Local Rulestack Admin
  • Create local rulestacks.
  • Associate local rulestacks with NGFWs
Each Local Rulestack Admin has an account ID associated with it. This allows local rulestacks created by that admin with NGFWs in the same account.
The email address domain of users invited by the tenant admin must match the email address domain of the tenant admin’s login credentials.
  1. Log in to the Cloud NGFW tenant.
  2. Select
    Users and Roles
    Invite User
  3. Enter the
    address of the invitee.
  4. Select the new user’s role or roles from the
  5. Click

Recommended For You