Configure an Entra ID Directory
Table of Contents
Expand all | Collapse all
-
- Cloud Identity Engine Attributes
- Collect Custom Attributes with the Cloud Identity Engine
- View Directory Data
- Cloud Identity Engine User Context
- Create a Cloud Dynamic User Group
- Configure Third-Party Device-ID
- Configure an IP Tag Cloud Connection
- View Mappings and Tags
- Configure Dynamic Privilege Access in the Cloud Identity Engine
- Send Cortex XDR Risk Signals to Okta
- Configure SSF Okta Receiver as a Risk Connection
- Configure the Secrets Vault
-
- Set Up Password Authentication
-
- Configure Azure as an IdP in the Cloud Identity Engine
- Configure Okta as an IdP in the Cloud Identity Engine
- Configure PingOne as an IdP in the Cloud Identity Engine
- Configure PingFederate as an IdP in the Cloud Identity Engine
- Configure Google as an IdP in the Cloud Identity Engine
- Configure a SAML 2.0-Compliant IdP in the Cloud Identity Engine
- Set Up a Client Certificate
- Configure an OIDC Authentication Type
- Set Up an Authentication Profile
- Configure Cloud Identity Engine Authentication on the Firewall or Panorama
- Configure the Cloud Identity Engine as a Mapping Source on the Firewall or Panorama
- Configure Dynamic Privilege Access in the Cloud Identity Engine
- Get Help
Configure an Entra ID Directory
Learn how to configure an Entra ID directory in the Cloud Identity Engine.
After you configure your Entra ID directory, you can reconnect or edit the
configuration or revoke permissions for directory removal. You can also use the
client credential flow as an alternative to the CIE Enterprise app connection flow
type or Configure SCIM Connector for the Cloud Identity Engine to specify which attributes the Cloud
Identity Engine collects from your Azure AD. You can also Configure Azure as an IdP in the Cloud Identity Engine for user authentication.
To view the
attributes that the Cloud Identity Engine collects from your Entra ID for user
identification, see Entra ID. You can also optionally Collect Custom Attributes with the Cloud Identity Engine if you use custom attributes in your directory.
- Set Up an Entra ID Directory—Learn how to configure your Entra ID in the Cloud Identity Engine to collect attributes using the CIE Enterprise app, which is strongly recommended by Palo Alto Networks.
- Reconnect or Edit Azure Active Directory—If there is a disconnection between your Entra ID and the Cloud Identity Engine (for example, if a directory is unavailable or for troubleshooting purposes), you can reconnect or edit your configuration.
- Revoke Cloud Identity Engine Permissions for Azure Active Directory—If you no longer use a directory with the Cloud Identity Engine, you can revoke the permissions for the Cloud Identity Engine to access the directory.
- Configure Azure Using the Client Credential Flow—To allow your Entra ID directory and the Cloud Identity Engine to communicate, you can configure the client credential flow as an alternative connection flow type.