Prisma Access
Delete a Tenant
Table of Contents
Delete a Tenant
Delete a tenant in a
Prisma Access (Managed by Panorama)
deployment.Delete a tenant in a
Prisma Access (Managed by Panorama)
deployment by completing the following
steps.
Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
- While you can delete all tenants in a multitenant deployment, you cannot delete the admin-levelPrisma Accessconfiguration where you add or delete tenants.
- When you delete a tenant,Prisma Accessdeletes the template and device group set for which you are licensed, but does not delete the unlicensed set. For example, if you have aPrisma Accessfor Users license and delete a tenant,Prisma Accessdeletes the mobile user-related template stacks, templates, and device groups but does not delete the set it created for the unlicensedPrisma Accessfor Networks. You can manually delete these unused template and device group sets after you delete the tenant.
- From the Panorama that managesPrisma Access, select .
- Select the tenant, and delete all configuration associated with it.Perform this step as a best practice to make sure that all configuration is deleted from the tenant, including any Service Connection, Mobile User, Remote Network, or Clean Pipe configuration.
- Commit and Push your changes toPrisma Access.
- Select .
- Edit Selections, and make sure that all the components you deleted (including Remote Networks, Mobile Users, Service Setup, Explicit Proxy, and Clean Pipe, depending on your deployment) are selected.
- ClickPush.
- Select one or more tenants and thenDeletethem.Deleting a tenant removes the tenant from Panorama but does not remove the tenant from thePrisma Accessinfrastructure. To delete a tenant and remove it from the infrastructure, you delete it, perform a local commit, and then deprovision it as shown in the following steps.If you delete the tenant but do not deprovision it, you can still retrieve it by contacting Palo Alto Networks support.If you have your Panoramas set up in an HA configuration, only perform the delete and deprovision operations from the Active Panorama in an HA pair.
A pop-up window displays, confirming the tenant deletion process. ClickYesto continue, or clickNoto cancel the deletion.
- Commit your changes locally to Panorama by selecting andCommityour changes.After the local commit, the tenants are marked for deletion and are removed from the list of tenants, but are not deleted from thePrisma Accessinfrastructure. A pop-up displays showing the tenants that are deleted.
- (Optional) To completely remove the tenants from thePrisma Accessinfrastructure,Deprovision Deleted Tenants.Deprovisioning a tenant:
- Removes it from your configuration and thePrisma Accessinfrastructure, and you cannot retrieve it.
- Regains the license that was allocated to the tenant.
A confirmation message displays with the names of the tenants that would be deprovisioned; clickOKto continue the deprovisioning of the tenant, orCancelthe operation.When you deprovision a tenant, you completely delete the tenant and all resources that are allocated with it, and you regain the licenses that were allocated to these tenants. The tenant cannot be retrieved.
If no tenants need to be deprovisioned, the following message displays.
- (Optional) Check the status of the deprovisioning operation by going to . The deprovisioning operation and the name of the tenant is displayed in the logs.
