Help Center User GuideGetting StartedFAQRelease NotesRelease NotesRelease NotesRelease Notes
User Guide
Getting Started
Release Notes
Release Notes
Release Notes
Release Notes

Administration Portal Getting Started

Congratulations on choosing CSO for SD-WAN, Hybrid WAN, SD-Enterprise, and NFV lifecycle management. This guide is designed to help you quickly learn the basics of the Administration Portal.

Administration Portal Capabilities

The Administration Portal is designed to perform a number of tasks, including:

Deployment Options

Using the previously-mentioned capabilities you can create, deploy, manage, and monitor all of the elements required for Contrail SD-WAN, Hybrid WAN, , SD-LAN, and Next Generation Firewall (NGFW) deployments:

In order to perform any of the deployments mentioned above, there are some things you need to know how to do within the CSO GUI. An administrator, working within the Administration Portal, must be familiar with a number of tasks. Some are for setup and configuration of CSO and some are needed in order to configure the components used in the previously-mentioned deployments, The following sections describe those tasks at a high level without linking them to any particular deployment.

Administration Tasks within the Administration Portal

The following procedures describe how to perform some of the administration tasks in the Administration Portal.

Set SMTP Server


CSO uses e-mail to send first-time access messages to new users, account locked messages, and so on. Because of this, you must configure an SMTP server for CSO to use.

  1. Click Administration > SMTP

    The SMTP page appears.

  2. Fill out the information shown in Figure 1 according to the needs of your SMTP server.

    Figure 1: SMTP Server

    SMTP Server
  3. Click Save when complete.

    It is recommended that you send a test email to confirm that your settings are correct. When using the Send Test Email button, you will get either a success or failure message. Click Save once again after you receive a success message.

Add an OpCo User


The following task describes adding an OpCo user.

  1. Click Administration > Users

    The Users page appears

  2. Click the Add icon (+)

    The Add OpCo User page appears

  3. Fill out the information in the form as shown in the image above.

    If you leave the status set to enabled, CSO sends an email to the specified email address upon completion of the procedure. If you set the status to disabled, no email is sent to the user.

  4. Click OK when finished.



CSO uses Role-Based Access Control (RBAC) to isolate control of certain features to specific roles (groups of users). The following task describes how to add a custom role to your tenant.

  1. Click Administration > Roles.

    The Roles page appears.

  2. Click the add icon (+).

    The Add Role page appears

  3. Specify the details for the role.

    Pay particular attention to the Access Privileges. Many combinations are possible. Selecting some privileges automatically selects others.

  4. Click OK.

    A status message appears about the new role.

Email Templates

The following task describes the Email Templates used by CSO


There are several circumstances under which CSO sends email to users. You can see and edit these email templates as follows:

  1. Click Administration > Email Templates

    The Email Templates page appears that shows a list of CSO email templates as shown in Figure 2

    Figure 2: Email Templates Page

    Email Templates Page

    The template names indicate under which circumstances the template is used.

  2. Click the check box next to one of the template names.
  3. Click the edit icon (pencil)

    The Edit Template page appears.

  4. Edit the YAML template as needed.
  5. (Optional) Click Restore Default Content if there are problems with your template after editing.
  6. Click Save

    A successful save message appears.

Add Tenants

The following tasks describe how to add tenants in the administration portal:

Add a Single Tenant


This task describes how to add a single tenant.. Alternatively, you could import a file that contains data for multiple tenants and their sites by clicking Tenants > Import Tenants > Import.

You can add SD-WAN, Hybrid WAN, Next Gen Firewall, and LAN services in any combination for your tenant.

Note You cannot add or remove services once the tenant is added. Make your service selections with this in mind.

To add a single tenant:

  1. Click Tenants.
  2. Click the add icon (+).

    The Add Tenant window appears.

  3. Complete the configuration for the tenant as shown in Figure 3.

    Figure 3: Add Tenant Workflow

    Add Tenant Workflow
  4. Click OK to save the changes.

Add Multiple Tenants


This task describes how to add multiple tenants using a JSON formatted text file.

To add multiple tenants:

  1. Click Tenants > Import Tenants > Import

    The Import Tenants page appears

  2. To obtain a sample JSON file for use in the import procedure, click the Download Sample JSON link below the file upload field.
  3. Edit the JSON file to suit your tenant needs and save.
  4. Click the Browse button and select the JSON file you just saved or another previously configured JSON file.
  5. Click the Import button.

    The status of the import and add jobs will appear as messages on the Tenants page.

Add SD-WAN Steering Profiles

The following tasks describe adding various SD-WAN Profiles that can be used by your tenants in SD-WAN Policy intents.

Add SLA-Based Steering Profiles


This task describes how to add SLA-Based Steering Profiles for use by your tenants in SD-WAN Policy intents.

  1. Click Configuration > SLA Based Steering Profiles

    The SLA-Based Steering Profiles page shows a list of Juniper-supplied steering profiles, with names that start with “CSO-”. These profiles can be used as-is in SD-WAN Policies.

  2. Click the Add icon (+)

    The Create SLA Profile page appears as shown in Figure 4

    Figure 4: Add SLA-Based Steering Profile

    Add SLA-Based Steering Profile
  3. Fill out the information on the page.

    Since SLA-Based Steering profiles are intended to assist CSO in making path switching decisions, it is recommended to leave the Path Preference set to Any. This allows CSO to switch traffic to different WAN paths in situations where SLAs are not being met by the active path.

Add Path-Based Steering Profiles


This task describes how to add a Path-Based Steering Profile for use by your tenants in SD-WAN Policy intents.

  1. Click Configuration > Path Based Steering Profiles

    The Path-Based Steering Profiles appears.

  2. Click the Add icon (+)

    The Create Path Profile page appears.

  3. Fill out the information on the page.

    Since Path-Based steering profiles are intended to allow an administrator to choose a specific path for certain traffic types to use, it makes sense to choose a specific path in the Path Preference section. This ensures that your path preference is used rather than a system-determined path.

Allocate Network Services

You must assign network services to tenants to enable them to access the network services. The network services are published to the network services catalog by the SP administrator, or Juniper Networks in the case of cloud-hosted CSO. You can assign services in the following ways:

License Management

The following tasks describe what can be accomplished on the CSO licensing pages.

Upload Device Licenses


To upload a license:

  1. Click Administration > Licenses > Device Licences.

    The License Files page appears.

  2. Click the add icon (+).

    The Add License page appears as shown in Figure 5

    Figure 5: Upload Device License

    Upload Device License
  3. Specify the details for the license.
  4. Click OK.

    The Upload License page displays the progress of the license upload.

  5. Click OK to save the changes.

    The status of the save operation is displayed.

Assign CSO Licenses to Tenants


The SP Administrator adds CSO licenses to the application. You can distribute the added licenses to your tenants. The following procedure describes this process.

  1. Click Administration > Licenses > CSO Licenses

    The CSO Licenses Page is displayed. All assigned licenses and the license counts appear in the list

  2. Click the checkbox next to the license you want to assign.
  3. Click the Update Assignment button.

    The Assign CSO License window appears and shows the quantity for this license and the number available for assignment to tenants

  4. From the Tenants section, click the + button to add a new assignment.

    A new row on the list will appear.

  5. From the Tenant pull-down, select the tenant.
  6. Enter the number of licenses to assign to this tenant in the Quantity field. Alternatively, you can click the up and down arrows on the right of the field until the appropriate number appears in the field.
  7. Click OK

    The window will close and the CSO Licenses page will update immediately.

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support