From d9ad30c1fe3b489448e6826d49ce36975a65d819 Mon Sep 17 00:00:00 2001 From: jenjoe22 <110043374+jenjoe22@users.noreply.github.com> Date: Fri, 11 Oct 2024 09:50:32 -0500 Subject: [PATCH] multitenant-management-updates (#930) * multitenancy-management-updates * v feedback * intro update * legal * clean up * latest version * title fix * test 1 * V feedback * tweak * peer review * ar-review * v-legal --- .../content-collections/book.yml | 10 +- .../mssp/create-and-manage-policy-groups.adoc | 49 ------ .../mssp/create-and-manage-tenants.adoc | 86 ----------- .../mssp/mssp-introduction.adoc | 140 ----------------- .../content-collections/mssp/mssp.adoc | 23 --- .../create-and-manage-policy-groups.adoc | 50 ++++++ .../create-and-manage-tenants.adoc | 86 +++++++++++ .../multitenant-management-introduction.adoc | 142 ++++++++++++++++++ .../multitenant-management.adoc | 31 ++++ 9 files changed, 315 insertions(+), 302 deletions(-) delete mode 100644 docs/en/enterprise-edition/content-collections/mssp/create-and-manage-policy-groups.adoc delete mode 100644 docs/en/enterprise-edition/content-collections/mssp/create-and-manage-tenants.adoc delete mode 100644 docs/en/enterprise-edition/content-collections/mssp/mssp-introduction.adoc delete mode 100644 docs/en/enterprise-edition/content-collections/mssp/mssp.adoc create mode 100644 docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-policy-groups.adoc create mode 100644 docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-tenants.adoc create mode 100644 docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management-introduction.adoc create mode 100644 docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management.adoc diff --git a/docs/en/enterprise-edition/content-collections/book.yml b/docs/en/enterprise-edition/content-collections/book.yml index 143a255ea8..11290513b2 100644 
--- a/docs/en/enterprise-edition/content-collections/book.yml +++ b/docs/en/enterprise-edition/content-collections/book.yml @@ -1714,11 +1714,13 @@ topics: file: aispmassets.adoc --- kind: chapter -name: Managed Security Service Provider -dir: mssp +name: Multitenant Management +dir: multitenant-management topics: - - name: MSSP Introduction - file: mssp-introduction.adoc + - name: Multitenant Management + file: multitenant-management.adoc + - name: Multitenant Management Introduction + file: multitenant-management-introduction.adoc - name: Create and Manage Tenants file: create-and-manage-tenants.adoc - name: Create and Manage Policy Groups diff --git a/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-policy-groups.adoc b/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-policy-groups.adoc deleted file mode 100644 index 5e503245b1..0000000000 --- a/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-policy-groups.adoc +++ /dev/null 
@@ -1,49 +0,0 @@ -== Create and Manage Policy Groups - -A policy group is a logical grouping of out-of-the-box and/or custom Prisma Cloud Policies. The image below outlines policy and policy group creation. - -Follow the steps below to create *PolicyGroups*: - -. Select the *Policy Groups* tab from the MSSP console. - -. Select *Create Policy Group* to launch the policy group creation workflow. - -. Enter a name for the Policy Group in the *Policy Group Name* field. - -. Select the policies from the list that will be a part of the policy group. - -. View the policies selected and added to the policy group by clicking on the *Policies in this Group* tab. - -. Review the policies to confirm your selections and click *Save* to create the policy group. - - -=== Create a Policy - -The Prisma Cloud MSSP console also enables you to create a new policy called a custom policy. A custom policy can be added to a new or existing policy group, for the purpose of mapping the policy to tenants in a tenant group. - -Follow the steps below to create a custom policy: - -. Navigate to the *Policy Groups* dashboard. - -. Click on *Create Policy* to launch the custom policy creation workflow. - -. On the new Prisma Cloud tenant window select *Home > Governance > Add Policy*. - -. Reference https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/create-a-policy[Create a Custom Policy] to complete the creation of your new policy. - - -=== Map a Policy Group to a Tenant Group - -Map a policy group needs to a tenant group to extend the mapping onto the managed Prisma Cloud tenants as outlined below: - -. Navigate to the *Policy Groups* dashboard and select any policy group that you wish to map to a tenant. -+ -tt:[NOTE:] Multiple policy groups can ONLY be mapped to a single tenant group. In other words, it is not possible to map multiple policy groups to multiple tenant groups in the same operation. 
Repeat the mapping operation of policy groups that would be mapped to each independent tenant group. - -. Select *Map to Tenant Group*. - -. Select a tenant group to map the policy groups to. - -. Click on the *Confirm and Map* button to complete mapping. - - diff --git a/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-tenants.adoc b/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-tenants.adoc deleted file mode 100644 index b98610865b..0000000000 --- a/docs/en/enterprise-edition/content-collections/mssp/create-and-manage-tenants.adoc +++ /dev/null 
@@ -1,86 +0,0 @@ -== Create and Manage Tenants - - -Tenant Groups in MSSP are logical groupings of multiple managed Prisma Cloud tenants. Administer multiple tenants with ease by creating tenant groups and mapping individual tenants to them. Additionally, Policy groups can be mapped to tenant groups in order to apply the constituent policies of the policy group on to the individual tenants. - -Follow the steps below to create a Tenant Group: - -. On the MSSP console, select the *Tenant Groups* tab. - -. Select *Create Tenant Group* and provide a name for the group. - -. Click *Save* to complete tenant group creation. - -=== Create Tenant - -You can also create a managed Prisma Cloud tenant from the Tenant Group dashboard. Follow the steps below to create a Tenant: - -[NOTE] -==== -When creating a tenant, the details pertaining to the user should be those of the end customer who will be the “owner” of the tenant. The email address specified will be used to send a Welcome email message to the user with instructions pertaining to account creation and use of the MSSP console. -==== - -. Click on the *Tenant Groups* tab. - -. Select the on the *Create Tenant* button. - -. Provide Tenant details as shown below. -+ -image::mssp/mssp-create-tenant.png[] -+ -.. In the First Name, Last Name and email address fields, provide details pertaining to the individual who will be System Administrator on the tenant. This user will receive a welcome email from Prisma Cloud in order to manage and administer the Prisma Cloud tenant. MSSP admin users, mapped as System Administrators on the managed Prisma Cloud tenants cannot be deleted by an Admin on managed Prisma Cloud tenants. - -.. In the Company Name field, provide the name of the company or organization the Tenant is provisioned for. - -.. Optionally assign the tenant to a *Tenant Group*. -+ -[NOTE] -==== -Policy Groups can only be assigned to tenant groups. 
Therefore, if you know which tenant group this tenant should belong to, we recommend completing this step at this time. A tenant can alternatively be assigned to a group at a later time as well. Policies mapped from the MSSP Console are immutable on the managed Prisma Cloud tenants. -==== - -. Provide the *License Configuration* details. - -.. Select a *License Pool*. - -.. Input the total number of credits to allocate to the tenant. -+ -[NOTE] -==== -A minimum of 100 credits needs to be allocated to a tenant and the total number of credits cannot exceed the amount that is allocatable to the tenant. -==== - -.. Select a *Plan Type* to assign to the Tenant. - -.. On the *Capabilities* tab select the Default and Optional Modules you would like to enable on the tenant. Click *Next* to continue. - -. Review the summary and click *Save* to create the tenant. - - -=== Tenant Deletion and Credit Reallocation - -Credits can be reallocated from one tenant to another tenant or tenants at any time. Follow the steps below to edit an existing tenant and reduce the number of credits allocated to them: - -[NOTE] -==== -A tenant MUST have a minimum of 100 credits allocated at all times while the tenant is active. -==== - -. Navigate to the *Tenant Groups* dashboard and select any tenant that you wish to remove or reduce credits from. -. Select the pencil icon to launch the *Edit Tenant* view. -. Select *License Configuration* from the left navigation menu. -. Update the *Allocated Credits* field to the appropriate credit value. - -Once the credits are reduced from a tenant, these credits are placed back into the *Credits available for allocation* quantity. Users on the MSSP console can now leverage these credits, in addition to any credits which previously existed on the *Credits available for allocation* quantity to create a new tenant and allocated credits or edit existing tenants to increase credits allocated to the tenant. 
- -==== Tenant Deletion - -Keep the following caveats in mind when deleting tenants: - -* Credits will remain allocated to a deleted tenant for a period of 120 days. After 120 days, the credits are available in the *Credits that are allocatable* pool from which they can be applied to other tenants. - -* When a tenant is deleted, reduce the credits associated with the tenant to 100 (which is the minimum) and then delete a tenant, for efficient credit management. This ensures that these credits are immediately available in the *Total Purchased* quantity, available for allocation. - - - - diff --git a/docs/en/enterprise-edition/content-collections/mssp/mssp-introduction.adoc b/docs/en/enterprise-edition/content-collections/mssp/mssp-introduction.adoc deleted file mode 100644 index 8fc2d92105..0000000000 --- a/docs/en/enterprise-edition/content-collections/mssp/mssp-introduction.adoc +++ /dev/null 
@@ -1,140 +0,0 @@ -== Prisma Cloud Managed Security Service Provider - - -Effectively deliver security at scale with Prisma Cloud®'s Managed Security Service Provider (MSSP) service. MSSP offers a rich set of features that provides a centralized dashboard for the efficient management of a large number of tenants. - -With the MSSP console you can streamline the following functions: - -* Manage and operate a large number of tenants from a single console. -* Dynamically create and delete tenants on demand. -* Efficiently segment and manage customers into industry defined groups such as Healthcare, Finance, and more. -* Segment tenants by reallocating credits as needed, between tenants under management. -* Isolate customer data in adherence with established security best practices. -* Get centralized visibility into security telemetry such as incidents, attack paths and misconfigurations. -* Create policy groups from a set of out of the box policies and custom policies. Policy groups can be mapped to tenant groups from the MSSP console. -* Module management — selective enablement of optional modules during tenant creation. -* Visibility into credit usage across all Prisma Cloud tenants under management. - - -=== MSSP Console Features - -The MSSP console features three key dashboards that help you streamline the creation and management for tenants, policies and their related operations as shown below: - -image::mssp/mssp-intro.png[] - -*Operation Alerts* - -On the MSSP console you can select the bell icon to view *Operation Alerts* for the status of all actions that are performed by a user on the MSSP console. The following operations are displayed on the alarm center: - -* Operation Name -* Operation Description -* Mapping Policy -* When a user ‘maps’ a policy group to a tenant group. -* Unmapping Policy -* When a user ‘unmaps’ a policy group from a tenant group. 
-* User Creation -* Creation of user on the MSSP console -* Tenant Provisioning -* When a user creates a tenant -* Tenant Update -* When a user updates a tenant (ex. Tenant group change, credit change, etc) - - -Failed user initiated operations are listed as an entry on the *Operation Alerts* page. Additionally, users have the option to retry the failed operation. Click on the retry button available on the listing of each failed operation to retry a previous attempt. - - -*Licensing Dashboard* - -Select *MSSP console > Licensing* to view details about credits purchased/allocated and the tenants groups that they are allocated to as shown below. - -image::mssp/mssp-licensing.png[] - -[NOTE] -==== -You may experience an issue on the licensing dashboard, where there is a mismatch between the credits reported on a tenant group and the credits reported on the dashboard, when a tenant fails to create successfully. - -To resolve this issue, retry the failed tenant create operation from the *Operations Alerts* panel. Alternatively, create a new tenant from the Tenant creation workflow. - -This is a benign issue and only impacts the credits reported for the tenant on the tenant group on the licensing dashboard. It does not impact the accurate reporting of the credits purchased quantity, the credits allocated quantity or the balance. -==== - -=== Key Concepts - -Reference the table below to clarify your understanding of MSSP concepts and terminology. - -[cols="50%a,50%a"] -|=== - -|Term -|Definition - -|MSSP Console -|A centeralized dashboard that allows yous to manage and operate multiple Prisma Cloud Tenants (referred to as Managed Prisma Cloud Tenants in MSSP). - -|Managed Prisma Cloud Tenant -|A tenant managed by the MSSP console. - -|Prisma Cloud Tenant for Policy Creation (aka Synthetic Tenant) -|A tenant used to create custom policies and testing out RQL queries. This is a limited capability tenant with other capabilities disabled. 
- -|Tenant Groups -|A logical grouping of managed Prisma Cloud tenants. - -|Policy Groups -|A logical grouping of either out of the box Prisma Cloud policies or custom Prisma Cloud policies (that maps to Tenant groups). - -|User -|An entity on the MSSP console that provides the subject access to the MSSP console. + - -tt:[NOTE:] All users created on the Prisma Cloud MSSP console are MSSP admins on the console. Users created on the console are replicated and created as an Admin on all Prisma Cloud managed tenants. - -|Policy Groups Mapping (to Tenant Group Mapping) -|Process of mapping policies in a policy group to the tenants of the selected tenant group. - -|Licensing -|Reporting framework for Prisma Cloud tenant credit usage. - -|=== - -Reference the table below to learn more about the functions that the MSSP *System Administrator* role can perform on the MSSP console. - -[cols="50%a,40%a"] -|=== - - -|Function -|Permission Status - -|Create Tenant -|Allowed - -|Create Tenant Group -|Allowed - -|Create Policy -|Allowed - -|Create Policy Group -|Allowed - -|Map Policy Group to Tenant Group -|Allowed - -|View Tenants Groups -|Allowed - -|View Policies and Policy Groups -|Allowed - -|View Licensing -|Allowed - -|Seamless login into Managed Prisma Cloud Tenant -|Allowed - -|Prisma Cloud Tenant Operations (Managed Prisma Cloud Tenant) -|System Admin Privileges - - -|=== - diff --git a/docs/en/enterprise-edition/content-collections/mssp/mssp.adoc b/docs/en/enterprise-edition/content-collections/mssp/mssp.adoc deleted file mode 100644 index d00793696c..0000000000 --- a/docs/en/enterprise-edition/content-collections/mssp/mssp.adoc +++ /dev/null 
@@ -1,23 +0,0 @@ -== Welcome to Prisma Cloud MSSP - -The Prisma Cloud® Managed Security Service Provider (MSSP) service provides the Prisma Cloud MSSP Console, a single centralized dashboard, that is used to manage a potentially large number of Prisma Cloud tenants. Use the quick links below to learn more about MSSP. - - -=== MSSP at a Glance - -[cols="60%a,30%a"] -|=== - -|*What do you want to do?* -|*Start here* - -|Learn more about MSSP -|xref:mssp-introduction.adoc[MSSP Overview] - -|Create tenants -|xref:create-and-manage-tenants.adoc[Create and Manage Tenants] - -|Create Policy Groups -|xref:create-and-manage-tenants.adoc[Create and Manage Policy Groups] - -|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-policy-groups.adoc b/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-policy-groups.adoc new file mode 100644 index 0000000000..4703c173ae --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-policy-groups.adoc 
@@ -0,0 +1,50 @@ +== Create and Manage Policy Groups + +A policy group is a logical grouping of out-of-the-box and/or custom Prisma Cloud Policies. + + +Follow the steps below to create *Policy Groups*: + +. Select the *Policy Groups* tab from the Multitenant Management console. + +. Select *Create Policy Group* to launch the policy group creation workflow. + +. Enter a name for the Policy Group in the *Policy Group Name* field. + +. Select the policies from the list that will be a part of the Policy Group. + +. View the policies selected and added to the policy group by clicking on the *Policies in this Group* tab. + +. Review the policies to confirm your selections and click *Save* to create the policy group. + + +=== Create a Policy + +The Prisma Cloud Multitenant Management console also enables you to create a new policy called a custom policy. You can add a custom policy to a new or existing policy group to map the policy to tenants in a tenant group. + +Follow the steps below to create a custom policy: + +. Navigate to the *Policy Groups* dashboard. + +. Click *Create Policy* to launch the custom policy creation workflow. + +. On the new Prisma Cloud tenant window select *Home > Governance > Add Policy*. + +. See https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/create-a-policy[Create a Custom Policy] to complete the creation of your new policy. + + +=== Map a Policy Group to a Tenant Group + +Follow the steps below to map a policy group to a tenant group and extend the mapping onto the managed Prisma Cloud tenants. + +. Navigate to the *Policy Groups* dashboard and select any policy group that you wish to map to a tenant. ++ +tt:[NOTE:] Multiple policy groups can *only* be mapped to a single tenant group. It is not possible to map multiple policy groups to multiple tenant groups in the same operation. Repeat the mapping operation of policy groups that would be mapped to each independent tenant group. + +. 
Select *Map to Tenant Group*. + +. Select a tenant group to map the policy groups to. + +. Click *Confirm and Map* to complete mapping. + + diff --git a/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-tenants.adoc b/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-tenants.adoc new file mode 100644 index 0000000000..229658f411 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/multitenant-management/create-and-manage-tenants.adoc 
@@ -0,0 +1,86 @@ +== Create and Manage Tenants + + +Tenant Groups are logical groupings of multiple managed Prisma Cloud tenants. Administer multiple tenants with ease by creating tenant groups and mapping individual tenants to them. Additionally, Policy groups can be mapped to tenant groups in order to apply the constituent policies of the policy group on to the individual tenants. + +Follow the steps below to create a Tenant Group: + +. On the Multitenant Management console, select the *Tenant Groups* tab. + +. Select *Create Tenant Group* and provide a name for the group. + +. Click *Save* to complete tenant group creation. + +=== Create Tenant + +You can also create a managed Prisma Cloud tenant from the Tenant Group dashboard. Follow the steps below to create a Tenant: + +[NOTE] +==== +When creating a tenant, user details should be those of the end customer who will be the *owner* of the tenant. The email address you entered will be used to send a Welcome email to the user that includes account creation instructions and use of the Multitenant Management console. +==== + +. Click *Tenant Groups* tab. + +. Select *Create Tenant*. + +. Provide Tenant details as shown below. ++ +image::mssp/mssp-create-tenant.png[] ++ +.. In the First Name, Last Name, and Email address fields, provide details pertaining to the individual who will be System Administrator on the tenant. This user will receive a welcome email from Prisma Cloud in order to manage and administer the Prisma Cloud tenant. Multitenant Management admin users, mapped as System Administrators on the managed Prisma Cloud tenants cannot be deleted by an Admin on managed Prisma Cloud tenants. + +.. In the Company field, provide the name of the company or organization the Tenant is provisioned for. + +.. Optionally assign the tenant to a *Tenant Group*. ++ +[NOTE] +==== +Policy Groups can only be assigned to tenant groups. 
If you know which tenant group this tenant should belong to, it is recommend that you assign a tenant to a tenant group. Alternatively you can also assign it to a group later. Policies mapped from the Multitenant Management Console are immutable on the managed Prisma Cloud tenants. +==== + +. Provide the *License Configuration* details. + +.. Select a *License Pool*. + +.. Enter the total number of credits to allocate to the tenant. ++ +[NOTE] +==== +A minimum of 100 credits need to be allocated to a tenant and the total number of credits cannot exceed the amount that is allocatable to the tenant. +==== + +.. Select a *Plan Type* to assign to the Tenant. + +.. On the *Capabilities* tab select the Default and Optional Modules you want to enable on the tenant. Click *Next* to continue. + +. Review the summary and click *Save* to create the tenant. + + +=== Tenant Deletion and Credit Reallocation + +Credits can be reallocated from one tenant to another tenant or tenants at any time. Follow the steps below to edit an existing tenant and reduce the number of credits allocated to them: + +[NOTE] +==== +A tenant *must* have a minimum of 100 credits allocated at all times while the tenant is active. +==== + +. Navigate to the *Tenant Groups* dashboard and select any tenant that you want to remove or reduce credits from. +. Select the pencil icon to launch the *Edit Tenant* view. +. Select *License Configuration* from the left navigation menu. +. Update the *Allocated Credits* field to the appropriate credit value. + +Once the credits are reduced from a tenant, these credits are placed back into the *Balance Credits Available for Allocation* quantity. Users on the Multitenant Management console can now leverage these credits, in addition to any credits which previously existed on the *Credits Purchased* quantity, to create new tenants, allocate credits, and edit existing credits allocated to tenants. 
+ +==== Tenant Deletion + +Note the following caveats when deleting tenants: + +* Credits will remain allocated to a deleted tenant for a period of 120 days. After 120 days, the credits are available in the *Credits that are allocatable* pool from which they can be applied to other tenants. + +* When a tenant is deleted, reduce the credits associated with the tenant to 100 (which is the minimum) and then delete a tenant, for efficient credit management. This ensures that these credits are immediately available in the *Total Purchased* quantity, available for allocation. + + + + diff --git a/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management-introduction.adoc b/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management-introduction.adoc new file mode 100644 index 0000000000..ce635e7b3e --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management-introduction.adoc 
@@ -0,0 +1,142 @@ +== Prisma Cloud Multitenant Management Overview + + +Effectively deliver security at scale with Prisma Cloud's Multitenant Management service. Multitenant Management offers a rich set of features including a centralized dashboard for the efficient management of a large number of tenants. Tenants managed by the Multitenant Management console are called managed Prisma Cloud tenants. + +With the Multitenant Management console you can streamline the following functions: + +* Manage and operate a large number of tenants from a single console. +* Dynamically create and delete tenants on demand. +* Efficiently segment and manage customers into industry defined groups such as Healthcare, Finance, and more. +* Segment tenants by reallocating credits as needed, between tenants under management. +* Isolate your customer's data in adherence with established security best practices. +* Get centralized visibility into security telemetry such as incidents, attack paths, and misconfigurations. +* Create policy groups from a set of out-of-the-box policies and custom policies. Map policy groups to tenant groups from the console. +* Manage modules by selectively enabling optional modules during tenant creation. +* Get visibility into credit usage across all managed Prisma Cloud tenants. +. + + +=== Multitenant Management Console Features + +The Multitenant Management console features three dashboards that help you streamline the creation and management for tenants, policies and their related operations as shown below: + +image::mssp/mssp-intro.png[] + +*Operation Alerts* + +On the Multitenant Management console you can select the bell icon to view *Operation Alerts* for the status of all actions that are performed by a user on the Multitenant Management console. The following operations are displayed on the alarm center: + +* Operation Name +* Operation Description +* Mapping Policy +* When a user ‘maps’ a policy group to a tenant group. 
+* Unmapping Policy +* When a user ‘unmaps’ a policy group from a tenant group. +* User Creation +* Creation of user on the Multitenant Management console +* Tenant Provisioning +* When a user creates a tenant +* Tenant Update +* When a user updates a tenant (such as, tenant group change, credit change) + + +Failed user initiated operations are listed as an entry on the *Operation Alerts* page. Additionally, users have the option to retry the failed operation. Click on the retry button available on the listing of each failed operation to retry a previous attempt. + + +*Licensing Dashboard* + +From the Multitenant Management console, select *Licensing* to view details about credits purchased, credits allocated, and the tenants groups that they are allocated to as shown below. + +image::mssp/mssp-licensing.png[] + +[NOTE] +==== +You may experience an issue on the licensing dashboard, where there is a mismatch between the credits reported on a tenant group and the credits reported on the dashboard, when a tenant fails to create successfully. + +To resolve this issue, retry the failed tenant create operation from the *Operations Alerts* panel. Alternatively, create a new tenant from the tenant creation workflow. + +This is a benign issue and only impacts the credits reported for the tenant on the tenant group on the licensing dashboard. It does not impact the accurate reporting of the quantity of credits purchased, credits allocated, or the balance. +==== + +=== Key Concepts + +See the table below to learn about the Multitenant Management concepts and terminology. + +[cols="50%a,50%a"] +|=== + +|Term +|Definition + +|Multitenant Management Console +|A centralized dashboard that allows yous to manage and operate multiple Prisma Cloud Tenants (referred to as Managed Prisma Cloud Tenants). + +|Managed Prisma Cloud Tenant +|A tenant managed by the Multitenant Management console. 
+ +|Prisma Cloud Tenant for Policy Creation (Synthetic Tenant) +|A tenant used to create custom policies and test RQL queries. This is a limited capability tenant with other capabilities disabled. + +|Tenant Groups +|A logical grouping of managed Prisma Cloud tenants. + +|Policy Groups +|A logical grouping of either out-of-the-box Prisma Cloud policies or custom Prisma Cloud policies (that maps to Tenant groups). + +|User +|An entity with access to the Multitenant Management console. + + +tt:[NOTE:] All users created on the Prisma Cloud Multitenant Management console are admins on the console. Users created on the console are replicated and created as an Admin on all Prisma Cloud managed tenants. + +|Policy Groups Mapping (to Tenant Group Mapping) +|Process of mapping policies in a policy group to the tenants of the selected tenant group. + +|Licensing +|Reporting framework for Prisma Cloud tenant credit usage. + +|=== + +See the table below to learn more about the functions that the Multitenant Management console *System Administrator* role can perform. + +[cols="50%a,40%a"] +|=== + + +|Function +|Permission Status + +|Create Tenant +|Allowed + +|Create Tenant Group +|Allowed + +|Create Policy +|Allowed + +|Create Policy Group +|Allowed + +|Map Policy Group to Tenant Group +|Allowed + +|View Tenants Groups +|Allowed + +|View Policies and Policy Groups +|Allowed + +|View Licensing +|Allowed + +|Seamless login into Managed Prisma Cloud Tenant +|Allowed + +|Prisma Cloud Tenant Operations (Managed Prisma Cloud Tenant) +|System Admin Privileges + + +|=== + + diff --git a/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management.adoc b/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management.adoc new file mode 100644 index 0000000000..8ba08f399b --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/multitenant-management/multitenant-management.adoc 
@@ -0,0 +1,31 @@ +== Prisma Cloud Multitenant Management + +The Prisma Cloud® Multitenant Management offering provides the Prisma Cloud Multitenant Management console, a single centralized dashboard, that is intended for use by an *MSSP (Managed Security Service Provider) or an end customer* to manage a potentially large number of Prisma Cloud tenants. + +See <> for more information on constraints and limitations. + +=== Multitenant Management at a Glance + +[cols="60%a,30%a"] +|=== + +|*What do you want to do?* +|*Start here* + +|Learn more about Multitenant Management +|xref:multitenant-management-introduction.adoc[Multitenant Management Overview] + +|Create Tenants +|xref:create-and-manage-tenants.adoc[Create and Manage Tenants] + +|Create Policy Groups +|xref:create-and-manage-policy-groups.adoc[Create and Manage Policy Groups] + +|=== + +[#rights] +=== Rights and Use Restrictions + +*End User Customer* + +A Customer may elect to utilize the Prisma Cloud Enterprise Multitenant Management Console feature (“Console”) as a standard end user in order to manage the Credits licensed under an applicable quote or order form by providing Palo Alto Networks with a written request and executing the Opt-In Letter provided by Palo Alto Networks. Such usage shall be subject to the End User License Agreement available on the Palo Alto Networks website, unless Customer and Palo Alto Networks have entered into a separate written agreement that specifically overrides such agreement (either "Agreement"). For such end user customer use-case, the Product, including the Console, shall not be used for any other purposes, including without limitation to provide managed security services to any third party, and as otherwise set forth under the applicable Agreement Use Restrictions. Additionally, Credits may not be consolidated, shifted, assigned to, transferred, swapped, or the like between multiple entities (i.e. 
if Customer purchases Credits on behalf of a subsidiary or Affiliated entity and in compliance with the applicable Agreement Affiliate terms and Use Restrictions, such Credits may not be consolidated, shifted, assigned to, transferred, swapped or used by any other subsidiary or Affiliated entity throughout the term). \ No newline at end of file
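
Review bot: In the book.yml hunk, the new topic is named `Multitenant Management Introduction`, but the page it points to is titled "Prisma Cloud Multitenant Management Overview" and the landing page links to it as "Multitenant Management Overview"; pick either Introduction or Overview and use it in all three places. The chapter `dir` also changes from `mssp` to `multitenant-management`, while the added pages still load `image::mssp/mssp-create-tenant.png[]`, `image::mssp/mssp-intro.png[]` and `image::mssp/mssp-licensing.png[]` and the diffstat touches no image files. Please confirm those image paths still resolve from the new directory and that links to the old `mssp/` pages are handled.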
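
Review bot: In create-and-manage-policy-groups.adoc, step 1 of "Map a Policy Group to a Tenant Group" still says to select a policy group "that you wish to map to a tenant", although the procedure maps to a tenant group; change it to "tenant group". The note under that step is also hard to parse: "Multiple policy groups can *only* be mapped to a single tenant group" reads as a limit on policy groups rather than on the operation. Suggest wording it as: one mapping operation targets exactly one tenant group, so repeat the operation for each additional tenant group. Because the tenants page states that policies mapped from the console are immutable on the managed tenants, it is worth repeating that here, before the *Confirm and Map* step, so the reader knows the effect of the mapping.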
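
Review bot: In the "Tenant Deletion and Credit Reallocation" section of create-and-manage-tenants.adoc, the rewritten paragraph says freed credits are usable along with credits "which previously existed on the *Credits Purchased* quantity", where the removed text named the *Credits available for allocation* quantity; purchased credits and the unallocated balance are different numbers, so this looks like an unintended change of meaning. The section now uses four names for the pools (*Balance Credits Available for Allocation*, *Credits Purchased*, *Credits that are allocatable*, *Total Purchased*); use the labels shown on the Licensing dashboard consistently. The second deletion caveat begins "When a tenant is deleted, reduce the credits ... and then delete a tenant", which puts the steps in the wrong order; "Before you delete a tenant, reduce its credits to 100" says what is meant. Smaller fixes: "it is recommend that you" should be "recommended", "Click *Tenant Groups* tab" is missing "the", and "A minimum of 100 credits need" should be "needs".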
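
Review bot: In the Key Concepts table of multitenant-management-introduction.adoc, the User row states that every user created on the console is an admin there and is replicated as an Admin on all managed tenants, and the permissions table lists only the *System Administrator* role; the page should say explicitly whether any narrower role exists, since this determines who gets administrative access to every tenant. That statement is currently an inline `tt:[NOTE:]` inside a table cell; an admonition near the permissions table would be easier to find. Other points in this hunk: there is a stray `.` line after the last feature bullet, "allows yous to manage" carries over the typo from the old file, the Operation Alerts list mixes operation names and their descriptions as same-level bullets (a two-column table or nested list would fit), and the licensing note refers to the *Operations Alerts* panel while the rest of the page calls it *Operation Alerts*.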
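
Review bot: In multitenant-management.adoc, the sentence "See <> for more information on constraints and limitations" shows a cross-reference with no target as rendered here; it should point at the `[#rights]` anchor defined further down. The opening paragraph says the console is intended for an MSSP or an end customer, but "Rights and Use Restrictions" contains only an *End User Customer* subsection; either add the MSSP terms or state where they are documented. The file also ends without a trailing newline.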