Create IoT Security Users

Create IoT Security users, assign user roles, and view users in the IoT Security portal.
IoT Security supports RBAC (role-based access control) through App Administrator, Instance Administrator, Owner, Administrator, and Read-only roles. Creating users for the IoT Security application involves three steps:
  • Create a user account in the Customer Support Portal
  • Assign a user role in the hub
  • (For Administrator and Read-only users) Allow access to all sites or a subset of sites
  1. Log in to the Customer Support Portal with superuser permissions, which allow you to create new user accounts.
  2. Click
    Members
    Create New User
    , enter the required information, and then
    Submit
    .
    A new user account is created and added to the account as a member. An email notification is sent to the new user with login credentials.
  3. Log in to the hub.
  4. Click the gear icon in the upper right of the hub landing page and then
    Access Management
    .
  5. Expand the IoT Security section in the left panel, select the IoT Security instance to which you want to assign the user, select the check box for the user account you just created, and then
    Assign Roles
    .
  6. Select
    IoT Security
    in the left panel to display the IoT Security role assignment window in the main panel.
  7. Choose one of the following roles from the Role drop-down list:
    App Administrator
    Instance Administrator
    Owner
    Administrator
    Read only
  8. For information about these user roles, click
    Role Definitions
    .
    To learn more about the App Administrator and Instance Administrator roles, which are common roles for all Palo Alto Networks apps and provide the same privileges in IoT Security as Owner, see Available Roles. To learn more about the Owner, Administrator, and Read only roles, which are specific to IoT Security, see User Roles for IoT Security.
  9. View users and their roles in the hub and IoT Security portal.
    You can see a list of users and their roles on the Access Management page in the hub and, if you’re logged in with Owner privileges, on the User Accounts page (
    Administration
    User Accounts
    ) in the IoT Security portal.
  10. Determine which sites an Administrator or Read-only user can access.
    When logged in to the IoT Security portal with Owner privileges, click
    Administration
    User Accounts
    and then click an entry for an Administrator or Read-only user in the Email (Username) column.
    The User Role & Access dialog box opens. By default, all users have access to all sites.
    To give the user access to a subset of sites, click the
    x
    in the All label and then select the names of the sites or site groups to which you want to permit access.
    For information about site groups and how to use them to control what data users can access, see Sites and Site Groups.
    When done,
    Save
    the configuration change. The next time the user logs in, he or she will only have access to devices and data for the selected sites.

Recommended For You