Common Services: License Activation, Subscription, & Tenant Management
    : Get Started with Common Services: License Activation, Subscription, Tenant Management, & Product Management
    Focus
    Download PDF
    Focus
    1. Home
    2. Common Services
    3. Common Services: License Activation, Subscription, & Tenant Management
    4. Get Started with Common Services: License Activation, Subscription, Tenant Management, & Product Management
    Download PDF

    Common Services: License Activation, Subscription, & Tenant Management

    Get Started with Common Services: License Activation, Subscription, Tenant Management, & Product Management

    Table of Contents

    Get Started with
    Common Services
    : License Activation, Subscription, Tenant Management, & Product Management

    Get Started with
    Common Services
    : License Activation, Subscription, Tenant Management, & Product Management.
    Welcome to License Activation, Subscription, Tenant Management, and Product Management. Activate and manage all your available licenses from one location. In multitenant deployments, you can create multiple tenants, build a hierarchy, and share and allocate license subscriptions for the desired tenants.
    Strata Cloud Manager
     is for commercial deployments only and not yet available for Prisma SASE FedRAMP Moderate or High "In Process." The Prisma SASE FedRAMP Moderate or High "In Process" deployments see the Prisma SASE Platform.

    Activate a Free Product

    Products offered for free, such as AIOps Free and CIE, don't need an activation link or auth code for activation. The
    hub
     serves as the entry point for you to activate such products. If you have a Customer Support Portal account with access to authenticate on the tenant view of the
    hub
    , you can see all the products available to you for activation.
    Activating a product from the tenant view of the
    hub
     creates a single tenant where the product is deployed.
    After you activate a product, you have access to Common Services to manage your product from the
    hub
     or
    Strata Cloud Manager
    . You get assigned the Superuser role to manage your product.

    Activate a License or Subscription for Paid Products

    First-time license activation for paid products is through an email that you receive from Palo Alto Networks regarding. The email contains an activation link. Activating a product from the activation link creates a single tenant where the product is deployed.
    After you activate a product, you have access to Common Services to manage your product from the
    hub
     or
    Strata Cloud Manager
    . You get assigned the Superuser role to manage your product.

    Single Customer Support Portal Activation Behavior

    See the license activation topics in this guide for details about activating specific products. In general, for a single Customer Support Portal account, certain fields in the activation form are prepopulated for you. Depending on your product, you might be asked to select a region where you want to deploy the product, to select or create
    Strata Logging Service
     to store your logs, to select or create a Cloud Identity Engine instance to identify and verify all users across your infrastructure, or to associate devices or appliances.
    • In the activation workflow, the Customer Support Portal account associated with the user is prepopulated if there is only one Customer Support Portal account associated with the user.
    • For the selected Customer Support Portal account, if there is no prior tenant associated, the tenant field is autopopulated with the same name as the Customer Support Portal account.
    • After completing the activation, the user who is activating the first product is added as a superuser on the selected tenant, and can also add other users.
    • The default tenant can't be deleted as long as there are products activated in the tenant.
    • If the user's selected Customer Support Portal account has a previously mapped tenant, and the user activating a license does not have access to that tenant, the user is informed to contact the tenant account admin to request access.

    Multiple Customer Support Portal Activation Behavior

    See the license activation topics in this guide for details about activating specific products. In general, if you have multiple Customer Support Portal accounts, you will select the Customer Support Portal account that you want to use for managing your product. Depending on your product, you might be asked to select a region where you want to deploy the product, to select or create
    Strata Logging Service
     to store your logs, to select or create a Cloud Identity Engine instance to identify and verify all users across your infrastructure, or to associate devices or appliances.
    • If there are multiple Customer Support Portal accounts associated with the user activating a license, the user can select a specific Customer Support Portal account.
    • For the selected Customer Support Portal account, if there is no prior tenant associated, the tenant field is autopopulated with a default tenant that has the same name as the Customer Support Portal account name.
    • After completing the activation, the user who is activating the first product is added as a superuser on the selected tenant, and they should be able to add other users.
    • If the selected Customer Support Portal account has a previously mapped tenant, and the user does not have access to that tenant, the user is informed to contact the account admin to request access.
    • If users require a multitenant setup, they are provided with an option to create a new tenant or a child tenant. They can create the hierarchy with the first child in the tenant management page. They can select the child tenant or create a new child tenant from the activation workflow.
    • If multiple tenants exist where products have been previously activated for the Customer Support Portal account, but the user does not have access to those tenants, the user is warned that the product will be activated in a different tenant from where the other services are currently active. The user gets the option to proceed anyway, but is warned that dependent products need to be activated in the same tenant.

    Managed Security Service Provider (MSSP) Activation Behavior

    See the license activation topics in this guide for details about activating specific products. In general, for a Managed Security Service Provider (MSSP), you will select the Customer Support Portal account that you want to use for managing your customers' products. You will create a tenant hierarchy to manage them. Depending on the product, you might be asked to select a region where you want to deploy the product, to select or create
    Strata Logging Service
     to store the logs, to select or create a Cloud Identity Engine instance to identify and verify all users across the infrastructure, or to associate devices or appliances.
    After you activate a tenant heirarchy, you have access to Common Services to manage your tenants from the
    hub
     or
    Strata Cloud Manager
    . You can also use
    Strata Multitenant Cloud Manager
     aggregated views for monitoring information across all of your tenants.
    • In the case of managed security service providers (MSSP), the end customers are managed by the MSSP that owns the Customer Support Portal account.
    • The default tenant is associated with the MSSP Customer Support Portal account. The user activating the product must be granted access to that tenant, and then user can create child tenants and activate products in the child tenant.

    How to Access Subscription Management, Tenant Management, and Product Management

    After you activate a license for your product, there are a few ways to access Subscription Management, Tenant Management, and Product Management.
    Prisma SASE Multitenant Portal and FedRAMP
    Single Tenant View of the
    hub
    Multienant View of the
    hub
    Single Tenant
    AIOps for NGFW
     and
    Strata Cloud Manager
    Multitenant
    AIOps for NGFW
     and
    Strata Cloud Manager
    If you're a
    FedRAMP Moderate customer as of January 2024 or
     Prisma SASE FedRAMP High "In Process" customer as of December 2023, the following also applies to you.
    If you have received information about the transition of your tenant to the Prisma SASE Multitenant Portal, you can access through the
    original support account view of the hub
    Prisma SASE Platform button
    Tenants and Services
    Common Services
    Subscription or Tenant Management
    .
    From the
    tenant view of the hub
    Common Services
    button, you will see
    Subscriptions & Add-ons
    Products
     in a single tenant environment.
    From the
    tenant view of the hub
    Common Services
    button, you will see
    Subscriptions & Add-ons
    Tenant Management
     in a multitenant environment
    If you have a single tenant, you can access through
    Settings
    Subscriptions or Products
    .
    If you have a multitenant environment, you can access through
    Settings
    Subscriptions or Tenants
    .
    Regardless of how you access Subscriptions or Tenants, you’ll use approximately the following flow to manage your deployment.
    1. Activate licenses for your deployment type.
    2. Manage your tenants.
    3. Manage users, roles, and service accounts with identity and access.
    4. (
      Optional
      ) Manage devices in your deployment with Device Associations.
    5. (
      Optional
      ) View health, security, and telemetry metrics with AIOps for NGFW.
    6. (
      Optional
      ) Monitor and manage items such as multitenant status, alerts, alarms, virtual ION devices through the
      Strata Multitenant Cloud Manager
      .
    See the Common Services FAQ for further information about tenants, the tenant transition, or the tenant view of the hub.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.