Focus

Common Services: Identity and Access

Common Services

Table of Contents

Web UI Permissions
Common Services Settings for managing audit logs, devices, identity & access, subscriptions, and tenants. UI path: Settings Audit Logs Device Associations Identity & Access Subscriptions & Add-ons Tenants No Access: hides the page.	Audit Log View the logs for changes to AIOps settings. UI path:SettingsAudit Logs Read: View the audit log table, use the filters, and reset the filters. Write: Same as read.
	Device Associations Allows you to associate devices with a tenant, associate apps with devices, and remove device associations. UI path:SettingsDevice Associations Read: View the device associations. Write: View and take action on the devices, such as: add devices, associate apps, and remove associations.
	Identity & Access Management Control authentication and authorization of user roles and permissions for all applications and API-based access. UI path:SettingsIdentity & Access Read: View the Identity & Access Menu. Write: Use the Identity & Access Menu.	Access Management Manage users and service accounts and predefined roles. UI path:SettingsIdentity & AccessAccess Management Read: View users and service accounts. Write: View and take action such as add users and service accounts, remove users and service accounts, assign roles, modify roles, and reset service account client secrets. Identity Federations Manage third party identity provider (IDP) to allow access to the platform, rather than adding users directly to the platform itself. UI path:SettingsIdentity & AccessIdentity Federations Read: View the identity federations tab and if you’re a federation owner, you can add identity federation, delete identity federation, verify federation owners, view verification instructions, delete federation owners, download SP metadata, enable identity provider, edit identity provider, and delete identity provider. Write: View and take action on the federation mappings, such as: map tenants for authorization, and edit tenant mapping for authorization. Trusted IP List Restrict access to your applications by specifying IP addresses that are allowed on a per tenant basis. UI path:SettingsTrusted IP List Read: View the Trusted IP List menu under Settings Write: View and take action on the Trusted IP List, such as: add new trusted IP range or delete a trusted IP range. Roles Manage custom roles. UI path:SettingsIdentity & AccessRoles Read: View the predefined and custom roles. Write: View and take action on the custom roles, such as: add a custom role, edit a custom role, clone a custom role, and delete a custom role.
	Tenant Management Create and manage your hierarchy of business organizations and units, represented by tenants. UI path:SettingsTenants Read: View the tenants, plus the products and deployment profiles activated within the tenants. Write: Take action on the tenants, such as: add, edit, delete, acquire, move, etc.	Tenant Acquisitions After you submit a request to acquire an external tenant, you can view the history of the acquisition requests. UI path:SettingsTenantsTenant Acquisition History Read: View the Tenant Acquisition History tab. Write: Can request to acquire new tenants or approve acquisition requests. Select a status to see the details of acquisition requests, such as who was contacted for approval. Tenant Table You won't see this menu if you have a single tenant. UI path:SettingsTenants Read: View the products activated in the tenant. Write: View product information and take actions such as: delete tenant, edit tenant, add tenant, manage sharing, and rename tenant.
	Subscriptions & Add-ons Manage all the licenses that you have access to based on your support account. UI path:SettingsSubscriptions Read: View licenses, view support accounts, and activation profiles. Write: View and take action such as: activate or update already activated instances, offboard instances (if the app supports it), and create activation profiles.

Strata Logging Service

Add a Service Account

© 2025 Palo Alto Networks, Inc. All rights reserved.