Delete a Tenant

1. From the Panorama that manages Prisma Access, select PanoramaCloud ServicesConfiguration.
2. Select the tenant, and delete all configuration associated with it.

   Perform this step as a best practice to make sure that all configuration is deleted from the tenant, including any Service Connection, Mobile User, Remote Network, or Clean Pipe configuration.
3. Commit and Push your changes to Prisma Access.

   1. Select CommitPush to Devices.
   2. Edit Selections, and make sure that all the components you deleted (including Remote Networks, Mobile Users, Service Setup, Explicit Proxy, and Clean Pipe, depending on your deployment) are selected.

   3. Click Push.
4. Select one or more tenants and then Delete them.

   Deleting a tenant removes the tenant from Panorama but does not remove the tenant from the Prisma Access infrastructure. To delete a tenant and remove it from the infrastructure, you delete it, perform a local commit, and then deprovision it as shown in the following steps.

   If you delete the tenant but do not deprovision it, you can still retrieve it by contacting Palo Alto Networks support.

   If you have your Panoramas set up in an HA configuration, only perform the delete and deprovision operations from the Active Panorama in an HA pair.

   A pop-up window displays, confirming the tenant deletion process. Click Yes to continue, or click No to cancel the deletion.

5. Commit your changes locally to Panorama by selecting CommitCommit to Panorama and Commit your changes.

   After the local commit, the tenants are marked for deletion and are removed from the list of tenants, but are not deleted from the Prisma Access infrastructure. A pop-up displays showing the tenants that are deleted.

6. (Optional) To completely remove the tenants from the Prisma Access infrastructure, Deprovision Deleted Tenants.

   Deprovisioning a tenant:

   • Removes it from your configuration and the Prisma Access infrastructure, and you cannot retrieve it.
   • Regains the license that was allocated to the tenant.

   A confirmation message displays with the names of the tenants that would be deprovisioned; click OK to continue the deprovisioning of the tenant, or Cancel the operation.

   When you deprovision a tenant, you completely delete the tenant and all resources that are allocated with it, and you regain the licenses that were allocated to these tenants. The tenant cannot be retrieved.

   If no tenants need to be deprovisioned, the following message displays.

7. (Optional) Check the status of the deprovisioning operation by going to MonitorLogsSystem. The deprovisioning operation and the name of the tenant is displayed in the logs.