Get Started with Common Services: License Activation, Subscription, Tenant Management, & Product Management
Table of Contents
Expand all | Collapse all
Get Started with Common Services: License Activation, Subscription, Tenant Management, & Product Management
Get Started with Common Services: License Activation, Subscription, Tenant Management,
& Product Management.
Welcome to License Activation, Subscription, Tenant Management, and Product Management. Activate
and manage all your available licenses from one location. In multitenant
deployments, you can create multiple tenants, build a hierarchy, and share
and allocate license subscriptions for the desired tenants.
- Activate a Free Product
- Activate a License or Subscription for Paid Products
- Single Customer Support Portal Activation Behavior
- Multiple Customer Support Portal Activation Behavior
- Managed Security Service Provider (MSSP) Activation Behavior
- How to Access Subscription Management, Tenant Management, and Product Management
Strata Cloud Manager is for commercial deployments only and not yet available for Prisma SASE
FedRAMP Moderate or High "In Process." For the Prisma SASE FedRAMP Moderate
or High "In Process" deployments see the Prisma SASE Platform.
Activate a Free Product
Products offered for free, such as AIOps Free and CIE, don't need an
activation link or auth code for activation. The hub serves as the entry point for you to activate
such products. If you have a Customer Support Portal account with
access to authenticate on the tenant view of the hub, you can see all the products available to you for
activation.
Activating a product from the tenant view of the hub
creates a single tenant where the
product is deployed.
After you activate a product, you have access to Common Services to
manage your product from
the hub or Strata Cloud Manager. You
get assigned the Superuser role to
manage your product.
Activate a License or Subscription for Paid Products
First-time license activation for paid products is through an email that
you receive from Palo Alto Networks regarding. The email contains an
activation link. Activating a product from the activation link
creates a single tenant where the
product is deployed.
After you activate a product, you have access to Common Services to
manage your product from
the hub or Strata Cloud Manager. You get
assigned the Superuser role to
manage your product.
Single Customer Support Portal Activation Behavior
See the license activation topics in this guide for details about
activating specific products. In general, for a single Customer
Support Portal account, certain fields in the activation form are
prepopulated for you. Depending on your product, you might be asked
to select a region where you want to deploy the product, to select
or create Strata Logging Service to store your logs, to
select or create a Cloud Identity Engine instance to identify and
verify all users across your infrastructure, or to associate devices
or appliances.
- In the activation workflow, the Customer Support Portal account associated with the user is prepopulated if there is only one Customer Support Portal account associated with the user.
- For the selected Customer Support Portal account, if there is no prior tenant associated, the tenant field is autopopulated with the same name as the Customer Support Portal account.
- After completing the activation, the user who is activating the first product is added as a superuser on the selected tenant, and can also add other users.
- The default tenant can't be deleted as long as there are products activated in the tenant.
- If the user's selected Customer Support Portal account has a previously mapped tenant, and the user activating a license does not have access to that tenant, the user is informed to contact the tenant account admin to request access.
Multiple Customer Support Portal Activation Behavior
See the license activation topics in this guide for details about
activating specific products. In general, if you have multiple
Customer Support Portal accounts, you will select the Customer
Support Portal account that you want to use for managing your
product. Depending on your product, you might be asked to select a
region where you want to deploy the product, to select or create Strata Logging Service to store your logs, to select or
create a Cloud Identity Engine instance to identify and verify all
users across your infrastructure, or to associate devices or
appliances.
- If there are multiple Customer Support Portal accounts associated with the user activating a license, the user can select a specific Customer Support Portal account.
- For the selected Customer Support Portal account, if there is no prior tenant associated, the tenant field is autopopulated with a default tenant that has the same name as the Customer Support Portal account name.
- After completing the activation, the user who is activating the first product is added as a superuser on the selected tenant, and they should be able to add other users.
- If the selected Customer Support Portal account has a previously mapped tenant, and the user does not have access to that tenant, the user is informed to contact the account admin to request access.
- If users require a multitenant setup, they are provided with an option to create a new tenant or a child tenant. They can create the hierarchy with the first child in the tenant management page. They can select the child tenant or create a new child tenant from the activation workflow.
- If multiple tenants exist where products have been previously activated for the Customer Support Portal account, but the user does not have access to those tenants, the user is warned that the product will be activated in a different tenant from where the other services are currently active. The user gets the option to proceed anyway, but is warned that dependent products need to be activated in the same tenant.
Managed Security Service Provider (MSSP) Activation Behavior
See the license activation topics in this guide for details about
activating specific products. In general, for a Managed Security
Service Provider (MSSP), you will select the Customer Support Portal
account that you want to use for managing your customers' products.
You will create a tenant hierarchy to manage them. Depending on the
product, you might be asked to select a region where you want to
deploy the product, to select or create Strata Logging Service to store the logs, to select or create a Cloud Identity Engine
instance to identify and verify all users across the infrastructure,
or to associate devices or appliances.
After you activate a tenant heirarchy, you have access to Common Services to
manage your tenants from
the hub or Strata Cloud Manager. You can
also use Strata Multitenant Cloud Manager aggregated views for monitoring
information across all of your tenants.
- In the case of managed security service providers (MSSP), the end customers are managed by the MSSP that owns the Customer Support Portal account.
- The default tenant is associated with the MSSP Customer Support Portal account. The user activating the product must be granted access to that tenant, and then user can create child tenants and activate products in the child tenant.
How to Access Subscription Management, Tenant Management, and Product Management
After you activate a license for your product, there are a few ways to
access Subscription Management, Tenant Management, and Product
Management.
Prisma SASE Multitenant
Portal and FedRAMP
| Single Tenant View of the hub | Multienant View of the hub | Single Tenant AIOps for NGFW and Strata Cloud Manager | Multitenant AIOps for NGFW and Strata Cloud Manager |
---|---|---|---|---|
If you're a FedRAMP
Moderate customer as of January 2024 or
Prisma SASE FedRAMP High "In Process" customer as
of December 2023, the following also applies to
you.
If you have received information about the
transition of your tenant to the Prisma SASE
Multitenant Portal, you can access through the original support account view of the
hubPrisma SASE Platform button Tenants and ServicesCommon ServicesSubscription or Tenant
Management.
|
From the tenant view of the hubCommon Services button, you will see
Subscriptions & Add-ons
Products in a single tenant
environment.
| From the tenant view of the hubCommon Services button, you will see
Subscriptions & Add-ons
Tenant Management in a
multitenant environment |
If you have a
single tenant, you can access through SettingsSubscriptions or Products .
|
If you have
a multitenant environment, you can access through SettingsSubscriptions or Tenants .
|
Regardless of how you access Subscriptions or Tenants,
you’ll use approximately the following flow to manage your
deployment.
- Activate licenses for your deployment type.
- Manage users, roles, and service accounts with identity and access.
- (Optional) Manage devices in your deployment with Device Associations.
- (Optional) View health, security, and telemetry metrics with AIOps for NGFW.
- (Optional) Monitor and manage items such as multitenant status, alerts, alarms, virtual ION devices through the Strata Multitenant Cloud Manager.
See the Common Services FAQ
for further information about tenants, the tenant transition, or the
tenant view of the hub.