Focus

Prisma SD-WAN

Prisma SD-WAN Device and Tenant Management

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Version
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Version
- 5.6
- 6.1
- 6.2
- 6.3
- 6.4
- 6.5
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

Assign Domains to Sites

Prisma SD-WAN MSP Dashboard

Prisma SD-WAN Device and Tenant Management

Prisma SD-WAN for MSPs provides a set of operational features for Managed Service Providers (MSPs) to manage devices and tenants within their purview.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Prisma SD-WAN license

Prisma SD-WAN provides a set of operational features for Managed Service Providers (MSPs) to manage devices and tenants within their purview.

Multi-Tenancy

The Prisma SD-WAN controller has multi-tenancy integrated into the solution, allowing service providers, enterprise customers, and managed support organizations to provide dedicated services based on their organizational structure. Some examples of multi-tenancy are:

MSPs operating the Prisma SD-WAN environment for multiple customers.
Enterprise customers with a central purchasing model, which uses several lines of business independently within the enterprise.

MSP Account Roles and Permissions

Role-based access control and authentication is supported for all operations performed by the MSPs. The MSP tenant, though subservient to the Prisma SD-WAN tenant, acts as a super-tenant to all the client tenants under its control.

Typically, MSP accounts are regular user accounts with additional set of roles, and Single Sign-On (SSO) access through an enterprise Identity Provider (IdP). A group name within an IdP system may be mapped to the same name to create a custom role. The MSP roles and their responsibilities can be classified as:

MSP Role	Permissions
MSP Root (esp_root)	A single root user who has complete control over all aspects of the MSP account. A root user is intended to be a fail-safe, fallback user account and should not be used for regular day-to-day access, administration, and management.
MSP Super (esp_super)	A super administrator with privileges to manage other user accounts within the provider account. Optionally, this administrator manages and administers other customer networks.
Identity and Access Management (IAM) Administrator (esp_iam_admin)	An IAM administrator with privileges to manage other user accounts within the MSP account.
ESP Machine Admin (esp_machine_admin)	An administrator with privileges to manage machine (ION device) allocation and deallocation to child tenants.
MSP User (esp_user)	A user with privileges to manage and administer other customer networks after an administrator has assigned the user to a customer account.

In a MSP account, you may view, manage, or administer other client networks and accounts, if:

The client and the provider authorize the client account for management by the provider. This authorization takes place through Prisma SD-WAN customer support for security and tracking.
Specific users of a provider account are assigned to manage specific, approved client accounts for that provider. This is handled by the users of a provider account who have super administrator or administrator privileges.

Assign Domains to Sites

Prisma SD-WAN MSP Dashboard

Prisma SD-WAN Docs

Prisma SD-WAN Device and Tenant Management

Prisma SD-WAN Docs

Prisma SD-WAN Device and Tenant Management

Multi-Tenancy

MSP Account Roles and Permissions

Related CLIs

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources