To activate and manage user permissions of your Cortex XDR tenants, Cortex XDR operates as a standalone application known as the Gateway.
The Gateway allows you to:
Activate new tenants.
View and manage existing tenants and tenants available for activation that are allocated to your Customer Support Portal (CSP) account.
View and manage granular role-based access control (RBAC) settings.
Note
The sizing calculator is managed on the hub.
Activating a Cortex XDR tenant is a one-time task you’ll need to perform when you first start using Cortex XDR. After you’ve activated your Cortex XDR tenant—and completed all the steps described in the Setup Overview section —you’ll only need to repeat the activation if you want to add additional Cortex XDR tenants.
The following are prerequisites to activate Cortex XDR:
Locate the email that contains your activation information.
Ensure you have CSP Super User role permissions to your existing administrator accounts. This role cannot be removed or changed through the Gateway.
To activate your Cortex XDR tenant:
Navigate to the activation link you received in the email and sign in to begin activation in the Cortex Gateway.
Note
As a first user with CSP Super User permissions to access the Gateway, you are automatically granted Account Admin permissions to the Gateway. With these permissions, you are able to activate Cortex XDR tenants, create new roles, and assign permissions to users allocated to your tenant.
The Gateway displays tenants Available for Activation and Available Tenants.
In the Available for Activation section, you can view all the tenants allocated to your CSP account that are ready for activation. You can review the tenant details, such as license type, number of endpoints, Cortex Data Lake, and purchase date.
The Available Tenants section lists tenants that have already been activated. If you have more than one CSP account, the tenants are displayed according to the CSP account name.
In the Available for Activation section, locate the tenant you want to activate according to the serial number and Activate to launch the Tenant Activation wizard.
In → , ensure the tenant you want to activate is allocated to the correct CSP account. You can expand Cortex XDR to view the tenants associated with the CSP account.
Note
If you manage multiple company CSP accounts, make sure you select the specific account to which you want to allocate the Cortex XDR tenant before proceeding with activation. Once activated, the tenant will be associated with the account and cannot be moved.
Cortex Data Lake licenses created as a part of existing Cortex XDR Licenses will remain intact until the end of your remaining contract.
In → , define the following tenant details.
Tenant Name—Give your Cortex XDR app instance an easily-recognizable name. Choose a name that is 59 or fewer characters and is unique across your company account.
Region—Select a region in which you want to set up your Cortex XDR instance. Setting up a new or existing Cortex Data Lake instance can only be in the scope of the same region.
Tenant Subdomain—Give your Cortex XDR instance an easy-to-recognize name that is used to access the tenant directly using the full URL (https://<subdomain>.xdr.<region>.paloaltonetworks.com).
Note
Note this is a public FQDN, so be careful with sensitive information such as the company name.
Review and agree to the terms and conditions of the Privacy policy, Term of Use, EULA.
Activate your tenant.
Activation can take up to an hour. Cortex XDR sends a notification to your email when the tenant has completed the activation process.
Select Back to main gateway and in the Available Tenant section, search for your tenant name. Hover over a tenant to display the Tenant Status and License Details. When the tenant displays an Active status, select the tenant name to confirm you can successfully access the Cortex XDR management console.
(Optional) You can choose to change your tenant subdomain or tenant name following activation.
Hover over the tenant you want to update and select the ellipsis. Choose either Change Tenant Subdomain or Change Tenant Name to open the corresponding dialog.
Continue to assign user roles and permissions.