Cloud NGFW for AWS
    : Invite Users to Cloud NGFW for AWS
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Getting Started with Cloud NGFW for AWS
    5. Invite Users to Cloud NGFW for AWS
    Download PDF

    Cloud NGFW for AWS

    Invite Users to Cloud NGFW for AWS

    Table of Contents

    Invite Users to Cloud NGFW for AWS

    Learn about the various user roles and how to invite users to a Cloud NGFW for AWS tenant.
    As a Tenant Admin, you can invite additional users to help manage your Cloud NGFW deployment. You can then place these new users into the roles necessary for their level of access. When you invite a user to the Cloud NGFW tenant, by specifying the user’s email address and assigning one or more Cloud NGFW roles, the Cloud NGFW tenant sends the user an email that includes a registration link and temporary password. After logging in for the first time, the new user will be prompted to create a new password. Until the invited user has accepted the invitation and logged in to the tenant, the invitation is considering pending.
    Cloud NGFW Role
    Permissions
    Tenant Admin
    • Add AWS Accounts.
    • Invite users and assign roles.
    Tenant Reader
    • Read all firewall resources and its settings.
    • Read all global and local rulestacks.
    • Read all tenant users and tenant settings.
    Global Firewall Admin
    • Create NGFW.
    • Create global and local rulestacks.
    Global Rulestack Admin
    Create a global rulestack.
    Local Firewall Admin
    • Create NGFW.
    • Associate local rulestack with NGFWs
    Local firewall administrators can only create NGFWs and associate rulestacks within a specified AWS account.
    Local Rulestack Admin
    • Create local rulestacks.
    • Associate local rulestacks with NGFWs
    Each Local Rulestack Admin has an account ID associated with it. This allows local rulestacks created by that admin with NGFWs in the same account.
    The email address domain of users invited by the tenant admin must match the email address domain of the tenant admin’s login credentials.
    1. Log in to the Cloud NGFW tenant.
    2. Select
      Settings
      Users and Roles
      Invite User
      .
    3. Enter the
      FirstName
      ,
      LastName
      , and
      Email
       address of the invitee.
    4. Select the new user’s role or roles from the
      Roles
       drop-down.
    5. Click
      Create
      .
      You can now invite an existing user to a Cloud NGFW tenant. However, the following are a few other use case scenarios:
      Use Case
      Step
      If you are already registered to SSO
      You will not receive an activation email
      If you are an existing user who is not registered to SSO
      You will receive an activation email to complete registration to SSO. However, you can still choose to sign in like earlier, until you complete the registration.
      When you are enrolling another subscription via quick launch, you can use an existing user email
      You will see select a tenant page
      You can now use a single email id to register to different tenants. After logging in you will be prompted to Select a Tenant and click
      Continue
      . If you are a new user, you will receive an activation email through which you can register to SSO and log in to the tenant. Existing users can login to the tenant directly using your SSO.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.