Invite Users to Cloud NGFW for AWS
Table of Contents
Expand all | Collapse all
-
- About Cloud NGFW for AWS
- Getting Started from the AWS Marketplace
- Cloud NGFW for AWS Pricing
- Link Your PAYG Account with Cloud NGFW Credits
- Cloud NGFW for AWS Free Trial
- Cloud NGFW for AWS Limits and Quotas
- Subscribe to Cloud NGFW for AWS
- Locate Your Cloud NGFW for AWS Serial Number
- Cross-Account Role CFT Permissions for Cloud NGFW
- Invite Users to Cloud NGFW for AWS
- Manage Cloud NGFW for AWS Users
- Deploy Cloud NGFW for AWS with the AWS Firewall Manager
- Enable Programmatic Access
- Terraform Support for Cloud NGFW AWS
- Provision Cloud NGFW Resources to your AWS CFT
- Usage Explorer
- Create a Support Case
-
-
- Prepare for Panorama Integration
- Link the Cloud NGFW to Palo Alto Networks Management
- Unlink the Cloud NGFW from Palo Alto Networks Management
- Associate a Linked Panorama to the Cloud NGFW Resource
- Use Panorama for Cloud NGFW Policy Management
- View Cloud NGFW Logs and Activity in Panorama
- View Cloud NGFW Logs in Cortex Data Lake
- Tag Based Policies
- Enterprise Data Loss Prevention (E-DLP) Integration with Cloud NGFW for AWS
-
Invite Users to Cloud NGFW for AWS
Learn about the various user roles and how to invite users to a Cloud NGFW for AWS
tenant.
As a Tenant Admin, you can invite additional
users to help manage your Cloud NGFW deployment. You can then place
these new users into the roles necessary for their level of access.
When you invite a user to the Cloud NGFW tenant, by specifying the
user’s email address and assigning one or more Cloud NGFW roles,
the Cloud NGFW tenant sends the user an email that includes a registration
link and temporary password. After logging in for the first time,
the new user will be prompted to create a new password. Until the
invited user has accepted the invitation and logged in to the tenant,
the invitation is considering pending.
Cloud NGFW Role | Permissions |
---|---|
Tenant Admin |
|
Tenant Reader |
|
Global Firewall Admin |
|
Global Rulestack Admin | Create a global rulestack. |
Local Firewall Admin |
Local
firewall administrators can only create NGFWs and associate rulestacks
within a specified AWS account. |
Local Rulestack Admin |
Each
Local Rulestack Admin has an account ID associated with it. This
allows local rulestacks created by that admin with NGFWs in the
same account. |
The email address domain of users invited
by the tenant admin must match the email address domain of the tenant
admin’s login credentials.
- Log in to the Cloud NGFW tenant.
- Select.SettingsUsers and RolesInvite User
- Enter theFirstName,LastName, andEmailaddress of the invitee.
- Select the new user’s role or roles from theRolesdrop-down.
- ClickCreate.You can now invite an existing user to a Cloud NGFW tenant. However, the following are a few other use case scenarios:Use CaseStepIf you are already registered to SSOYou will not receive an activation emailIf you are an existing user who is not registered to SSOYou will receive an activation email to complete registration to SSO. However, you can still choose to sign in like earlier, until you complete the registration.When you are enrolling another subscription via quick launch, you can use an existing user emailYou will see select a tenant pageYou can now use a single email id to register to different tenants. After logging in you will be prompted to Select a Tenant and clickContinue. If you are a new user, you will receive an activation email through which you can register to SSO and log in to the tenant. Existing users can login to the tenant directly using your SSO.