Dynamic license allocation - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-11-07
Category
Administrator Guide
Abstract

In a multi-tenant central licensing management environment, you can dynamically edit child tenant allocations, add child tenants, and delete child tenants with the license pool automatically updated.

In a multi-tenant environment with central licensing management, in Cortex Gateway you can edit child tenant allocations, add child tenants, and delete child tenants. When you delete a child tenant, the tenant's allocations of endpoints and GBs are returned to the main account's pool and can immediately be used for existing child tenants or for creating new child tenants.

You can edit the child tenant allocations by increasing or decreasing the amount of endpoints and GBs allocated to the tenant. The total available count for the multi-tenant environment is updated accordingly.

Note

Changing the tenant's allocations might result in a short downtime of your tenant.

  1. In Cortex Gateway, locate the main account and then hover over the child tenant until the three-dot menu appears and click Edit Tenant Allocations.

  2. In the Edit Tenant Allocations window, assign the number of Gigabytes and endpoints you want to allocate to this child tenant. The amount used and the total amount available to this multi-tenant environment are displayed. Ensure you meet the minimum allocation requirements. Click Done.

When you have enough license allocations available in your multi-tenant central licensing environment, you can add a child tenant to the main account in Cortex Gateway.

  1. In the Cortex Gateway, hover over the main account you activated previously until the three-dot menu appears and click Add Child Tenant.

  2. Add the following details:

    Parameter

    Description

    Child Tenant Name

    Give the Cortex XDR tenant an easily recognizable name.

    Choose a name that is 59 or fewer characters and is unique across your company account.

    Region

    View the region for the child tenant. The region is inherited from the main account.

    Child Tenant Subdomain

    Give your Cortex XDR instance an easy-to-recognize name that is used to access the tenant directly using the full URL.

    https://<subdomain>.crtx.<region>.paloaltonetworks.com

    Note

    This is a public FQDN, so be careful with sensitive information such as the company name.

    After activating a child tenant, you can only change the child tenant subdomain once.

    Child Units Allocation

    Assign the number of Gigabytes you want to allocate to this child tenant. The amount used and the total amount available to this multi-tenant environment are displayed.

    Note

    Ensure that you meet the minimum requirements for child tenant allocation.

    Child Endpoints

    Assign the number of endpoints and/or cloud endpoints you want to allocate to this child tenant. The number of used endpoints and the total number of endpoints available to this multi-tenant setup are displayed.

    Note

    Ensure that you meet the minimum requirements for child tenant allocation.

    Add Ons

    If any license add-ons were purchased with your multi-tenant license, they are listed here. If you acquired compute units (CU) or forensics, you can allocate how many units to allocate to this child tenant.

  3. Confirm approval of the terms and conditions of the privacy policy and click Activate.

    Activation can take up to an hour. You should receive notification by email that the child tenant has completed the activation process.

  4. (Optional) Add another child tenant by repeating steps 1 and 2 or access your newly created tenant.

    In an enterprise multi-tenant environment, in the Cortex Gateway' under your main account, you can see the total number of tenants you are licensed for and how many you have created.

    Note

    If you reach your limit for child tenants, depending on your license, you may be able to create more tenants. You may be charged for additional tenants. Contact Customer Support if you are approaching your authorized limit.

Deleting a child tenant deletes all of its data and content permanently. The child tenant's license allocations are returned to the total available in the multi-tenant environment and can be allocated to other child tenants.

Note

In a multi-tenant central licensing management environment, you cannot unpair a child tenant from the main account. The only way to remove the connection to the main account is to delete the tenant.

  1. In Cortex Gateway, locate the main account and then hover over the child tenant until the three-dot menu appears and click Delete Tenant.

  2. In the Delete Tenant window, confirm that you want to delete the child tenant by typing 'Delete' and click Confirm Deletion.