Migration to Tenant View

As part of Palo Alto Networks' initiative to deliver a more integrated and seamless experience, Prisma Access, Prisma SD-WAN, and other app instances are being migrated from the traditional Customer Support Portal (CSP) model to a tenant-based model, also known as a Tenant Service Group (TSG), within the Strata Cloud Manager or the hub.
The migration is being carried out in phases. Along with the Prisma Access instances, all associated dependencies—such as Strata Logging Service and Cloud Identity Engine (CIE)—are also transitioned to the tenant model. During this process, app tiles remain visible in the original Customer Support Portal (CSP) view until all related instances have been fully migrated. After the migration is complete, these app tiles are removed from the CSP view. Access to your migrated instances is then available through a new tenant view in the hub, which includes a button that directs you to your tenant in the Strata Multitenant Cloud Manager.

FedRAMP Moderate Customers: Tenant Migration and SASE Platform

As part of the broader initiative to transition to a tenant-based model, FedRAMP Moderate customers of Prisma Access will begin migrating to the Strata Cloud Manager starting in January 2024. This section provides answers to common questions about this migration and what the move to the SASE platform means for existing customers.

What is the SASE Platform?

You will see a new and revamped user-friendly process and management interface providing a natural SaaS activation experience. We have created sase.paloaltonetworks.com as a single location to access and manage anything and everything related to SASE for FedRAMP Moderate.
This page has three main components:
  • Subscription management: You will be able to manage all the available licenses from a single pane of glass. You can view the status of your available licenses and activate them. You can request evaluation-to-production conversions from the product. Activation failures will be detected automatically, and you can raise TAC tickets from the product.
  • Tenancy management: You will have the ability to create and manage multiple tenants, build a hierarchy, and share and allocate license subscriptions for the desired tenants.
  • Identity and access management: This is a centralized authentication and authorization page where you can add user roles and permissions for all applications and API-based access.

What does this transition mean to existing customers activated before January 2024?

In the backend, we are migrating all existing FedRAMP Moderate tenants in waves, starting in January 2024, to use sase.paloaltonetworks.com.

What does this migration mean?

In the backend, we are migrating FedRAMP Moderate Prisma Access tenants to a TSG (Tenant Service Group) in phases, beginning in January 2024.
  • A TSG is like a container that holds instances of multiple products. For example, one TSG will contain a Prisma Access instance, a Strata Logging Service instance, and a CDSS service instance.
  • You will have access to the Identity and Access module for user roles and permissions, and access to APIs from a centralized API gateway.
  • You won't have any service disruption or any impact on infrastructure or the dataplane.

What will you see after this transition?

  • You will manage all new license activations from the subscriptions and tenants page on sase.paloaltonetworks.com. This page will handle all license activations and provide the ability to manage multiple tenants.
  • You will manage all existing users on the Palo Alto Networks via the Strata Cloud Manager. Going forward, you will have to make any changes to users and roles in the Identity and Access Management module on sase.paloaltonetworks.com. In the backend, we are mapping existing user roles to the same or a similar role on the Identity and Access Management page.