Palo Alto Networks · Capability

Prisma Cloud: Managed Security Service Provider (MSSP) — User Management

Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. 8 operations. Lead operation: Palo Alto Networks List Users. Self-contained Naftiko capability covering one Palo Alto Networks business surface.

Run with Naftiko Palo Alto NetworksUser Management

What You Can Do

GET
Listusers — Palo Alto Networks List Users
/v1/api/v1/mssp/{mssp-id}/user
POST
Createuser — Palo Alto Networks Create a New User
/v1/api/v1/mssp/{mssp-id}/user
GET
Getuser — Palo Alto Networks Get User by Username
/v1/api/v1/mssp/{mssp-id}/user/{username}
PUT
Updateuser — Palo Alto Networks Update an Existing User
/v1/api/v1/mssp/{mssp-id}/user/{username}
DELETE
Deleteuser — Palo Alto Networks Delete an Existing User
/v1/api/v1/mssp/{mssp-id}/user/{username}
PUT
Resetpassword — Palo Alto Networks Change Password
/v1/api/v1/user/{username}/credential
GET
Resettoken — Palo Alto Networks Generate Password Reset Token
/v1/api/v1/user/{username}/credential/reset-token
POST
Validatetoken — Palo Alto Networks Validate Forgot Password Token
/v1/api/v1/user/{username}/credential/reset-token/validate

MCP Tools

palo-alto-networks-list-users

Palo Alto Networks List Users

read-only idempotent
palo-alto-networks-create-new

Palo Alto Networks Create a New User

palo-alto-networks-get-user

Palo Alto Networks Get User by Username

read-only idempotent
palo-alto-networks-update-existing

Palo Alto Networks Update an Existing User

idempotent
palo-alto-networks-delete-existing

Palo Alto Networks Delete an Existing User

idempotent
palo-alto-networks-change-password

Palo Alto Networks Change Password

idempotent
palo-alto-networks-generate-password

Palo Alto Networks Generate Password Reset Token

read-only idempotent
palo-alto-networks-validate-forgot

Palo Alto Networks Validate Forgot Password Token

read-only

Capability Spec

palo-alto-prisma-cloud-mssp-user-management.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management'
  description: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. 8 operations. Lead operation: Palo
    Alto Networks List Users. Self-contained Naftiko capability covering one Palo Alto Networks business surface.'
  tags:
  - Palo Alto Networks
  - User Management
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY
capability:
  consumes:
  - type: http
    namespace: palo-alto-prisma-cloud-mssp-user-management
    baseUri: https://mssp-api.prismacloud.io
    description: 'Prisma Cloud: Managed Security Service Provider (MSSP) — User Management business capability. Self-contained,
      no shared references.'
    resources:
    - name: api-v1-mssp-mssp-id-user
      path: /api/v1/mssp/{mssp-id}/user
      operations:
      - name: listusers
        method: GET
        description: Palo Alto Networks List Users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: next_page_token
          in: query
          type: string
          description: Token to fetch next page. Max pagesize is 60.
        - name: mssp-id
          in: path
          type: string
          description: The id of the MSSP of interest
          required: true
      - name: createuser
        method: POST
        description: Palo Alto Networks Create a New User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: mssp-id
          in: path
          type: string
          description: the id of the MSSP of interest
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v1-mssp-mssp-id-user-username
      path: /api/v1/mssp/{mssp-id}/user/{username}
      operations:
      - name: getuser
        method: GET
        description: Palo Alto Networks Get User by Username
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: username of the user
          required: true
        - name: mssp-id
          in: path
          type: string
          description: the id of the MSSP of interest
          required: true
      - name: updateuser
        method: PUT
        description: Palo Alto Networks Update an Existing User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: username of the user
          required: true
        - name: mssp-id
          in: path
          type: string
          description: the id of the MSSP of interest
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteuser
        method: DELETE
        description: Palo Alto Networks Delete an Existing User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: Username of the user
          required: true
        - name: mssp-id
          in: path
          type: string
          description: the id of the MSSP of interest
          required: true
    - name: api-v1-user-username-credential
      path: /api/v1/user/{username}/credential
      operations:
      - name: resetpassword
        method: PUT
        description: Palo Alto Networks Change Password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: Username
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v1-user-username-credential-reset-token
      path: /api/v1/user/{username}/credential/reset-token
      operations:
      - name: resettoken
        method: GET
        description: Palo Alto Networks Generate Password Reset Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: Username
          required: true
    - name: api-v1-user-username-credential-reset-token-validate
      path: /api/v1/user/{username}/credential/reset-token/validate
      operations:
      - name: validatetoken
        method: POST
        description: Palo Alto Networks Validate Forgot Password Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: username
          in: path
          type: string
          description: Username
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.PALO_ALTO_NETWORKS_API_KEY}}'
  exposes:
  - type: rest
    namespace: palo-alto-prisma-cloud-mssp-user-management-rest
    port: 8080
    description: 'REST adapter for Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. One Spectral-compliant
      resource per consumed operation, prefixed with /v1.'
    resources:
    - path: /v1/api/v1/mssp/{mssp-id}/user
      name: api-v1-mssp-mssp-id-user
      description: REST surface for api-v1-mssp-mssp-id-user.
      operations:
      - method: GET
        name: listusers
        description: Palo Alto Networks List Users
        call: palo-alto-prisma-cloud-mssp-user-management.listusers
        with:
          next_page_token: rest.next_page_token
          mssp-id: rest.mssp-id
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createuser
        description: Palo Alto Networks Create a New User
        call: palo-alto-prisma-cloud-mssp-user-management.createuser
        with:
          mssp-id: rest.mssp-id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/mssp/{mssp-id}/user/{username}
      name: api-v1-mssp-mssp-id-user-username
      description: REST surface for api-v1-mssp-mssp-id-user-username.
      operations:
      - method: GET
        name: getuser
        description: Palo Alto Networks Get User by Username
        call: palo-alto-prisma-cloud-mssp-user-management.getuser
        with:
          username: rest.username
          mssp-id: rest.mssp-id
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateuser
        description: Palo Alto Networks Update an Existing User
        call: palo-alto-prisma-cloud-mssp-user-management.updateuser
        with:
          username: rest.username
          mssp-id: rest.mssp-id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteuser
        description: Palo Alto Networks Delete an Existing User
        call: palo-alto-prisma-cloud-mssp-user-management.deleteuser
        with:
          username: rest.username
          mssp-id: rest.mssp-id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/user/{username}/credential
      name: api-v1-user-username-credential
      description: REST surface for api-v1-user-username-credential.
      operations:
      - method: PUT
        name: resetpassword
        description: Palo Alto Networks Change Password
        call: palo-alto-prisma-cloud-mssp-user-management.resetpassword
        with:
          username: rest.username
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/user/{username}/credential/reset-token
      name: api-v1-user-username-credential-reset-token
      description: REST surface for api-v1-user-username-credential-reset-token.
      operations:
      - method: GET
        name: resettoken
        description: Palo Alto Networks Generate Password Reset Token
        call: palo-alto-prisma-cloud-mssp-user-management.resettoken
        with:
          username: rest.username
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/user/{username}/credential/reset-token/validate
      name: api-v1-user-username-credential-reset-token-validate
      description: REST surface for api-v1-user-username-credential-reset-token-validate.
      operations:
      - method: POST
        name: validatetoken
        description: Palo Alto Networks Validate Forgot Password Token
        call: palo-alto-prisma-cloud-mssp-user-management.validatetoken
        with:
          username: rest.username
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: palo-alto-prisma-cloud-mssp-user-management-mcp
    port: 9090
    transport: http
    description: 'MCP adapter for Prisma Cloud: Managed Security Service Provider (MSSP) — User Management. One tool per consumed
      operation, routed inline through this capability''s consumes block.'
    tools:
    - name: palo-alto-networks-list-users
      description: Palo Alto Networks List Users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.listusers
      with:
        next_page_token: tools.next_page_token
        mssp-id: tools.mssp-id
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-create-new
      description: Palo Alto Networks Create a New User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: palo-alto-prisma-cloud-mssp-user-management.createuser
      with:
        mssp-id: tools.mssp-id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-get-user
      description: Palo Alto Networks Get User by Username
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.getuser
      with:
        username: tools.username
        mssp-id: tools.mssp-id
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-update-existing
      description: Palo Alto Networks Update an Existing User
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.updateuser
      with:
        username: tools.username
        mssp-id: tools.mssp-id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-delete-existing
      description: Palo Alto Networks Delete an Existing User
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.deleteuser
      with:
        username: tools.username
        mssp-id: tools.mssp-id
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-change-password
      description: Palo Alto Networks Change Password
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.resetpassword
      with:
        username: tools.username
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-generate-password
      description: Palo Alto Networks Generate Password Reset Token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: palo-alto-prisma-cloud-mssp-user-management.resettoken
      with:
        username: tools.username
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-validate-forgot
      description: Palo Alto Networks Validate Forgot Password Token
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: palo-alto-prisma-cloud-mssp-user-management.validatetoken
      with:
        username: tools.username
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.