: Install the Cloud Identity Agent

Install the Cloud Identity Agent

Table of Contents

Install the Cloud Identity Agent

Learn how to download the Cloud Identity agent and install it on a supported Active Directory or OpenLDAP-based directory server.
Before installing the Cloud Identity agent, verify that the time on the agent host is correct and synced to a valid NTP server. If the time on the server host is incorrect, the Cloud Identity Engine may not be able to sync your directory attributes successfully.
After you activate your Cloud Identity Engine tenant, download the Cloud Identity agent from the Cloud Identity Engine app on the hub and install it on a supported directory server. Palo Alto Networks strongly recommends using TLS 1.3. If TLS 1.2 is not already enabled on the Windows server that will host the agent, install the update to enable TLS 1.2 before you install the agent.
Because the User-ID agent and the Cloud Identity agent require the same port, you must use a dedicated host for each agent type. Do not install both agent types on the same host.
  1. Log in to the hub and select the Cloud Identity Engine app.
  2. Select
    then click
    Add New Directory
  3. Set Up
    On-Premises Directory
  4. Click
    Download Agent
  5. When the download is complete, open the DaInstall.msi installation file for the agent on the Windows server where you plan to install the agent.
    For a list of supported servers, see the Cloud Identity Engine system requirements.
    If you are also using the Terminal Server (TS) agent, we recommend that you do not install the Cloud Identity agent on the same host as the TS agent. If you must install both agents on the same host, you must change the default listening port on the TS agent.
  6. Follow the prompts in the installation wizard to install the agent.
  7. Navigate to the location of the Cloud Identity agent.
    The default location is C:\Program Files (x86)\Palo Alto Networks\Cloud Identity Agent\.
  8. Double-click the
    file to launch the Cloud Identity agent.
    Starting the agent also starts the Cloud Identity Engine, which runs in the background on the server hosting the Cloud Identity agent until you stop the connection to the Cloud Identity Engine.

Next Steps

Recommended For You