Set Up the Cloud Identity Engine
Learn how to set up and configure the Cloud Identity Engine.
After you Activate the Cloud Identity Engine, complete the following steps to set up and configure the Cloud Identity Engine:
- Choose Your Directory Type—Select the type of directory that you want the Cloud Identity Engine to access.
- Configure an On-Premises Directory—Learn how to configure the Cloud Identity agent to communicate with your on-premises Active Directory or OpenLDAP-based directory and the Cloud Identity Engine.
- Configure a Cloud-Based Directory—Learn how to configure a cloud-based directory (such as Azure Active Directory or Okta Directory) for the Cloud Identity Engine.
- Authenticate Users with the Cloud Identity Engine—Find out the steps necessary to configure user authentication in the Cloud Identity Engine for a single-source identity solution.
- Configure a SAML 2.0 Authentication Type—Learn how to configure SAML 2.0 identity providers (IdPs) in the Cloud Identity Engine to enable user authentication.
- Configure a Client Certificate—You can configure a client certificate using a certificate authority (CA) chain in addition to SAML 2.0 authentication or as an alternate method for user authentication.
- Set Up an Authentication Profile—After you configure how you want to authenticate users (SAML 2.0 authentication, client certificate, or both), create an authentication profile to configure details such as specifying particular authentication methods for certain groups or directories.
- Configure Cloud Identity Engine Authentication on the Firewall or Panorama—Find out how to configure an Authentication profile on the Palo Alto Networks firewall or Panorama to enforce authentication using the Cloud Identity Engine.
- Associate the Cloud Identity Engine with Palo Alto Networks Apps—Share the directory information in your Cloud Identity Engine tenant with other Palo Alto Networks applications. If you are using the tenant account view in the hub, association is not necessary for a tenant service group (TSG). For more information, refer to the Hub Getting Started guide.
- Manage the Cloud Identity Engine App—Create, view, rename, delete, and synchronize your Cloud Identity Engine tenants and view the list of attributes that the Cloud Identity Engine collects.