I'm not entirely sure what you mean by that, would you mind being a bit more explicit? I am getting events, so it seems like the answer is yes I have configured the firewall credentials. But maybe I am not looking at the same thing you are thinking about.

The app metadata is extracted from the content packs on the Firewall itself. This field does not come down with the logs. Look at "Update App and Threat Metadata from Content Pack " for more information on how this is done.
https://splunk.paloaltonetworks.com/lookups.html

In order to pull the content packs the Firewall needs to be configured with a user that has API access. That user information is then set on the configuration screen from Splunk_TA_paloalto

Take a look at "Firewall/Panorama API Configuration " which explains how to set this up.
https://splunk.paloaltonetworks.com/firewalls-panorama-and-traps.html

I have re-configured the authentication settings and confirmed both saved searches 'Palo Alto Networks - Retrieve ContentPack Apps' and 'Palo Alto Networks - Retrieve ContentPack Threats' are returning results. The resulting lookup tables are populated. But the dashboard is still not populating. When I run '| datamodel pan_firewall search' , I see values for the 'log.app:category' field. But the main search behind the Web Activity dashboard uses '|tstats' and as soon as I add the 'log.app:category' field into the GROUPBY field list, the results go away.