Activate SaaS Security Inline for Prisma Access
Learn how to activate SaaS Security Inline on Prisma Access.
To unlock the SaaS Security Inline capabilities, simply activate SaaS Security Inline from the activation email that you received. After activation, you can log in to your SaaS Security Inline tenant to explore SaaS visibility data.
SaaS Security Inline offers capabilities such as SaaS visibility, SaaS policy rule recommendations, and ACE (App-ID Cloud Engine); however, SaaS Security Inline for Prisma Access does not support policy synchronization at this time.
SaaS Security Inline activation:
- Creates a URL for SaaS Security Inline login.
- Pushes the SaaS Security Inline license to the Prisma Access tenants that you select. Panorama does not require a license.
- Enables a secure and encrypted connection and successful, mutual authentication between SaaS Security Inline, Prisma Access, Panorama, and CDL (Cortex Data Lake).
Before you activate:
- Ensure that your environment meets all the activation requirements for the SaaS Security Inline features you want to enable. (SaaS administrator)RequirementFeaturesSaaS VisibilityACE and Policy SynchronizationOne new or existing Cortex Data Lake (CDL) license per SaaS tenant.YesSaaS policy rule recommendations are supported, but policy synchronization is not supported currently.Same Support Account (CSP ID) for SaaS tenant, CDL, Enterprise DLP, and Prisma Access tenants.YesOne SaaS Security Inline license per CSP ID.YesSaaS Security Inline requires network traffic data for analysis. Prisma Access automatically forwards logs with that data to CDL. Your SaaS Security Inline subscription requires that you have an active CDL instance, which stores the data logs from Prisma Access.
The example activation below is for a new Prisma Access deployment. Adding a SaaS Security Inline license to an existing Prisma Access deployment is similar, but not identical. Use this example as a guide.
- Open your SaaS Security Inline activation email and clickActivate.The number of Activate buttons in the email you received depends on what you purchased. Each Activate button launches the same onboarding workflow that lets you activate all your purchased products together. Click anyActivatebutton to begin. Additionally, your activation email depends on the type of activation: purchase, trial, or evaluation.
- Log in with your Palo Alto Networks Customer Support Portal account credentials.
- Select the products to activate, thenStart Activation.If you have multiple items to activate, leave them all selected when youStart Activation.
- Select aCustomer Support Account, thenNext.If you have more than one Support account, select the one associated with the Prisma Access tenant to subscribe to SaaS Security Inline.
- Choose how to manage Prisma Access, thenNext.
- Cloud-Based Management Console—Use the Prisma Access app on the Palo Alto Networks hub to quickly onboard branches and mobile users.
- Panorama—Use the Cloud Services plugin on Panorama to set up and manage Prisma Access. If new Panorama,Register New Panorama.
- InFinalize Selections, configure SaaS Security Inline.
- Cortex Data Lake SelectionandRegion Selection—You must have an active CDL or activate a new one now. Do one of the following:
- New CDL—SelectActivate Newif you are activating a new data lake subscription, then choose its region.
- Existing CDL—Select an existing data lake instance to use if you did not purchase a new CDL. If you have more than one Cortex Data Lake instance, choose the one to which Prisma Access will forward logs with network traffic metadata.
- SaaS Tenant,SaaS Region, andSaaS Subdomain—Do one of the following:
- New Tenant—SelectActivate Newto create a new SaaS Security Inline tenant, then type a subdomain name, which completes the URL for your SaaS Security Inline app and becomes the URL where you log in to the SaaS Security web interface.SaaS Subdomainis prepopulated with the domain name from your email address, but you can change it if you want.
- Existing Tenant—Select an existing tenant if you did not purchase a new CDL or you don’t want to activate a newly purchased CDL. Each SaaS tenant requires a unique CDL. You cannot reuse CDLs. The onboarding process enforces this requirement and automatically populatesSaaS Tenantwith the SaaS tenant that is mapped to the existing CDL.SaaS Regiondefaults to CDL region.
- Verify your activation selections, read and agree to the terms and conditions, thenConfirm Selections.Depending upon what you onboard, the activation process creates a URL for your SaaS Security web interface and applies SaaS Security Inline licenses to the selected Prisma Access tenant and links them to your SaaS Security account.
- Verify that your CDL serial number displays on SaaS Security web interface and indicatesMonitoring.
Recommended For You
Recommended videos not found.