Focus

Common Services: Identity and Access

Add User Access Through Common Services

Table of Contents

Add User Access Through
Common Services

Learn how to add Common Services user access.

The Common Services: Access and Identity enables you to add user access to the platform as well as to the tenants you created.

If you are a Prisma SD-WAN customer, you can use IP Session Lock for restricting access by client source IP address and also for legacy API auth token purposes, but general user management is done here.

A Palo Alto Networks Customer Support Account is only necessary for users who need to perform onboarding tasks. Other users can be invited to use Palo Alto Networks single sign on without Customer Support Accounts. Be aware that not all apps are fully migrated to use Identity and Access, so still might need to use Customer Support Accounts. However, If you integrate with a third party IDP for your enterprise, you do not have to add user accounts explicitly in the platform as they will be automatically added when they are successfully authenticated. However, roles need to be assigned for all users. To ensure a seamless login and authorization experience for your users, you can add users and assign roles for them ahead of time.

After you add a tenant, you can add a service account from

Common Services

Identity & Access

Any user access added to a tenant is also automatically added to all of that tenant's children.

Use one of the various ways to access

Common Services

Identity & Access

Select

Identity & Access/Access Management

Select the tenant where you want to add user access. For example:

Select the ParentTenant for a user who needs access to all the tenants in the hierarchy.

Select the ChildTenant for a user who only needs access to a single tenant or to a subset of tenants in the hierarchy.