Common Services: Identity and Access
  • Common Services: Identity and Access
  • All Documentation
Common Services: Identity and Access
: Get Started with Common Services: Identity & Access
Focus
Download PDF
Focus
  1. Home
  2. Common Services
  3. Common Services: Identity and Access
  4. Get Started with Common Services: Identity & Access
Download PDF

Common Services: Identity and Access

Get Started with Common Services: Identity & Access

Table of Contents

Get Started with Common Services: Identity & Access

Explore the essential steps of Common Services: Identity & Access for activation, hub access, and app support.
Welcome to Common Services: Identity and Access.
  • Find out the
    general flow
    for accessing Identity and Access based on where you like to start: license activation, Strata Multitenant Cloud Manager, the hub, or Strata Cloud Manager.
  • Find out
    where you can use
    Identity & Access based on license,
    app support
    , first-time activation, or tenant transition status.

What is the General Flow for Identity & Access?

There are a few ways to access Identity & Access:
First Time ActivationPrisma SASE Multitenant Platform and FedRAMPTenant View of the hubAIOps for NGFW and Strata Cloud Manager
If you're activating a license for the first time, you are automatically directed to Common ServicesIdentity & Access during the activation process.
If you have received information about the transition of your tenant to the Multitenant Platform, you can access through the original support account view of the hubPrisma SASE Platform button Tenants and ServicesCommon ServicesIdentity & Access.
To access directly from the hub, toggle to tenant view of the hubCommon Services Identity & Access
Depending on your licensed products, and if you have received information about the migration of your tenant to Strata Cloud Manager, you can access through SettingsIdentity & Access.
See the Common Services FAQ for further information about tenants, the tenant transition, or the tenant view of the hub.
Regardless of how you access Common Services: Identity & Access, you’ll use approximately the following flow to manage your deployment.
  1. Activate licenses for your deployment type.
  2. Manage users, roles, and service accounts with identity and access.
  3. (Optional) Manage devices in your deployment with Device Associations.
  4. (Optional) View health, security, and telemetry metrics with AIOps for NGFW.
  5. (Optional) Monitor and manage items such as multitenant status, alerts, alarms, virtual ION devices through the Strata Multitenant Cloud Manager.

Which Licenses Can Use Identity & Access?

The following topics describe which licenses can use Common Services: Identity & Access Management.

Prisma Access (Managed by Strata Cloud Manager)

First Time ActivationTransitioned to Strata Multitenant Cloud ManagerManaged Security Service Provider (MSSP)
If you are a new Prisma Access (Managed by Strata Cloud Manager) customer as of August 2022, use Identity & Access to manage user access, roles, and service accounts.
If you are an existing Prisma Access (Managed by Strata Cloud Manager) customer, you have received information about the transition of your Prisma Access tenant to the Strata Multitenant Cloud Manager. After your Prisma Access instance is transitioned to a tenant, you will no longer see a Prisma Access app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing.
If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma Access customer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts.

Prisma Access (Managed by Panorama)

If you are an existing Prisma Access (Managed by Panorama) customer, you have received information about the transition of your Prisma Access license activation to Common Services. After the transition, you can only use Common Services for license activation. You cannot use the other Common Services such as Tenant Management or Identity & Access for managing Prisma Access or Panorama. Continue to manage your tenants and user role permissions on Panorama as you have been doing. However, you can use Common Services: Identity and Access for managing other apps such as ADEM and Insights.

Prisma SD-WAN

First Time ActivationTransitioned to Strata Multitenant Cloud ManagerManaged Security Service Provider (MSSP)
If you are a new Prisma SD-WAN customer as of July 2022, you are automatically directed to Identity & Access to manage user access, roles, and service accounts.
If you are an existing Prisma SD-WAN customer who has received information about the transition of your tenant to the Strata Multitenant Cloud Manager. After your instance is transitioned to a tenant, you will no longer see an app tile on the hub. However, there will be a button on the hub to navigate to sase.paloaltonetworks.com. After the transition, use Identity & Access to manage user access, roles, and service accounts. Your existing users and roles will be migrated with the appropriate roles. Until the transition, continue to manage your deployment as you have been doing.
If you are a Managed Security Service Provider (MSSP) or distributed enterprise Prisma SD-WAN customer as of July 2022, you are already using Identity & Access to manage user access, roles, and service accounts.

CASB

If you are a new CASB customer as of November 2022, or an existing customer with SaaS Security API who wants to upgrade to CASB, use Identity & Access to manage user access, roles, and service accounts.

Enterprise License Agreement Add-on

If you are an ELA customer using the AIOps for NGFW add-on, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.
If you are an ELA customer using the IoT Security add-on, which is compatible with tenants and tenant service groups (TSGs) as of March 2023, use Identity & Access to manage user access, roles, and service accounts.

AIOps for NGFW a la Carte

If you are using the AIOps for NGFW a la carte license, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.

SaaS Security Posture Management

If you are using the standalone SaaS Security Posture Management license, which is compatible with tenants and tenant service groups (TSGs) as of February 2023, use Identity & Access to manage user access, roles, and service accounts.

Which Apps and Services Support Identity & Access

You can manage access to multiple Palo Alto Networks apps and services with a single identity provider. While other Palo Alto Networks apps may support the use of the same third-party identity provider, the following apps and services can be specifically managed through Common Services: Identity & Access:
  • All Apps & Services—Encompasses all the applications and services entitled to you by your licenses from Palo Alto Networks.
  • AIOps for NGFW—Includes all features of the AIOps for NGFW Free tier, plus advanced cloud management, machine learning techniques to optimize security posture, and enhanced visualizations for deep insights into threats and network events.
  • AIOps for NGFW Free—Provides essential tools for firewall configuration assessment, access to telemetry data, system issue detection, and dynamic dashboards to enhance understanding and management of firewall deployments.
  • Cloud Identity Engine—Enhances security by providing centralized identity management across various applications and services in cloud environments.
  • Data Security—Protects sensitive data across the organization by implementing robust security measures and compliance protocols.
  • Enterprise DLP (Data Loss Prevention)—Detects and prevents potential data breaches or losses in enterprise environments through rigorous monitoring and control mechanisms.
  • IoT Security—Secures IoT connected devices and networks from potential threats and vulnerabilities inherent in connected environments.
  • Prisma Access & NGFW Configuration—Allows for the configuration and management of Next-Generation Firewalls within the Prisma Access ecosystem for secure cloud-based environments.
  • Prisma Access Browser—A browser-based solution that provides secure and direct access to cloud and internet resources with integrated security controls.
  • Prisma SD-WAN—Facilitates secure, app-aware connectivity across branches and campuses with simplified WAN and cloud integration.
  • Strata Logging Service—Offers centralized logging services to capture and analyze data logs for security and network performance purposes from Palo Alto Networks devices and services.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.