Set Up the Cloud Identity Engine

Choose Your Directory Type—Select the type of directory that you want the Cloud Identity Engine to access.
Configure an On-Premises Active Directory—Learn how to configure the Cloud Identity agent to communicate with your on-premises Active Directory and the Cloud Identity Engine.
Configure a Cloud-Based Directory—Learn how to configure a cloud-based directory (such Azure Active Directory or Okta Directory) for the Cloud Identity Engine.
Authenticate Users with the Cloud Identity Engine—Find out the necessary steps to configuring user authentication in the Cloud Identity Engine for a single-source identity solution.
Configure a SAML 2.0 Authentication Type—Learn how to configure SAML 2.0 identity providers (IdPs) in the Cloud Identity Engine to enable user authentication.
Configure a Client Certificate—You can configure a client certificate using a certificate authority (CA) chain in addition to SAML 2.0 authentication or as an alternate method for user authentication.
Set Up an Authentication Profile—After you configure how you want to authenticate users (SAML 2.0 authentication, client certificate, or both), create an authentication profile to configure details such as specifying particular authentication methods for certain groups or directories.
Configure Cloud Identity Engine Authentication on the Firewall or Panorama—Find out how to configure an Authentication profile on the Palo Alto Networks firewall or Panorama to enforce authentication using the Cloud Identity Engine.
Associate the Cloud Identity Engine with Palo Alto Networks Apps—Share the directory information in your Cloud Identity Engine instance with other Palo Alto Networks applications.
Manage the Cloud Identity Engine App—Create, view, rename, delete, and synchronize your Cloud Identity Engine instances and view the list of attributes that the Cloud Identity Engine collects.