Common Services: Identity and Access
    : PAN Resource Names
    Focus
    Download PDF
    Focus
    1. Home
    2. Common Services
    3. Common Services: Identity and Access
    4. Manage Third Party Identity Provider Integrations Through Common Services
    5. PAN Resource Names
    Download PDF

    Common Services: Identity and Access

    PAN Resource Names

    Table of Contents

    PAN Resource Names

    Learn how to use access policy resource names for tenant mapping through the
    Common Services
    .
    When assigning an access policy to a user or a service account (such as in mapping a tenant for SAML authorization purposes), the PAN Resource Name identifies the tenant or tenant service group (TSG) hierarchy where you are applying access policies.

    Properties for Predefined Roles

    The properties available for assigning an access policy with a predefined role follow:
    Property
    Description
    Required
    predefined_role_name
    The role name as listed in all roles, not as displayed in the web interface label.
    Required
    prn
    Property resource name. Must be "prn".
    Required
    tsg_id
    The tenant service group ID as displayed in the web interface.
    Required
    app_id
    • AIOps for NGFW: strata_insights
    • AIOps for NGFW Free: strata_insights_free
    • Cloud Identity Engine: directory_sync
    • Cortex Data Lake
      : logging_service
    • Enterprise DLP: dlp
    • IoT Security: zingbox
    • Next-Generation CASB: ng_casb
    • Prisma Access
       + NGFW: prisma_access
    • Prisma SD-WAN
      : cgx
    Optional
    region
    Reserved
    Reserved
    instance
    Reserved
    Reserved
    resource_scope
    Reserved
    Reserved
    Use the properties in the following format: <predefined_role_name>@prn:<TSG_ID>:<app_id>:<region>:<instance>:<resource_scope>
    If app_id is left blank, then the role will apply to All Apps and Services.
    Example:
    superuser@prn:1234567890::::

    Properties for Custom Roles

    The properties available for assigning an access policy with a custom role follow:
    Property
    Description
    Required
    custom_role_id
    The role ID as displayed in the Custom Role ID column in the format of
    name:number
    .
    Required
    prn
    Property resource name. Must be "prn".
    Required
    tsg_id
    The tenant service group ID as displayed in the web interface.
    Required
    app_id
    • AIOps for NGFW: strata_insights
    • AIOps for NGFW Free: strata_insights_free
    • Cloud Identity Engine: directory_sync
    • Cortex Data Lake
      : logging_service
    • Enterprise DLP: dlp
    • IoT Security: zingbox
    • Next-Generation CASB: ng_casb
    • Prisma Access
       + NGFW: prisma_access
    • Prisma SD-WAN
      : cgx
    Optional
    region
    Reserved
    Reserved
    instance
    Reserved
    Reserved
    resource_scope
    Reserved
    Reserved
    Use the properties in the following format: <custom_role_ID>@prn:<TSG_ID>:<app_id>:<region>:<instance>:<resource_scope>
    If app_id is left blank, then the role will apply to All Apps and Services.
    Example:
    role:0987654321@prn:1234567890::::

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.