Set Up the Cloud Identity Engine
Table of Contents
Expand all | Collapse all
-
- cloud-identity-engine-attributes
- Collect Custom Attributes with the Cloud Identity Engine
- View Directory Data
- Cloud Identity Engine User Context
- Create a Cloud Dynamic User Group
- Configure Third-Party Device-ID
- Configure an IP Tag Cloud Connection
- Configure Dynamic Privilege Access in the Cloud Identity Engine
- Configure Security Risk for the Cloud Identity Engine
- Send Cortex XDR Risk Signals to Okta
-
-
- Configure Azure as an IdP in the Cloud Identity Engine
- Configure Okta as an IdP in the Cloud Identity Engine
- Configure PingOne as an IdP in the Cloud Identity Engine
- Configure PingFederate as an IdP in the Cloud Identity Engine
- Configure Google as an IdP in the Cloud Identity Engine
- Configure a SAML 2.0-Compliant IdP in the Cloud Identity Engine
- Configure a Client Certificate
- Configure an OIDC Authentication Type
- Set Up an Authentication Profile
- Configure Cloud Identity Engine Authentication on the Firewall or Panorama
- Configure the Cloud Identity Engine as a Mapping Source on the Firewall or Panorama
- Configure Dynamic Privilege Access in the Cloud Identity Engine
-
- Get Help
Set Up the Cloud Identity Engine
Learn how to set up and configure the Cloud Identity
Engine.
After you activate the Cloud Identity Engine, complete
the following steps to set up and configure the Cloud Identity Engine:
- Choose Your Directory Type—Select
the type of directory that you want the Cloud Identity Engine to
access.
- Configure an On-Premises Directory—Learn how to configure the Cloud Identity agent to communicate with your on-premises Active Directory or OpenLDAP-based directory and the Cloud Identity Engine.
- Configure a Cloud-Based Directory—Learn how to configure a cloud-based directory (such Azure Active Directory or Okta Directory) for the Cloud Identity Engine.
- Authenticate Users with the Cloud Identity Engine—Find out the
necessary steps to configuring user authentication in the Cloud
Identity Engine for a single-source identity solution.
- Configure a SAML 2.0 Authentication Type—Learn how to configure SAML 2.0-compliant identity providers (IdPs) in the Cloud Identity Engine to enable user authentication.
- Configure a Client Certificate—Configure a client certificate using a certificate authority (CA) chain in addition to SAML 2.0 authentication or as an alternate method for user authentication.
- Set Up an Authentication Profile—After you configure how you want to authenticate users (SAML 2.0 authentication, client certificate, or both), create an authentication profile to configure details such as specifying particular authentication methods for certain groups or directories.
- Configure Cloud Identity Engine Authentication on the Firewall or Panorama—Find out how to configure an Authentication profile on the Palo Alto Networks firewall or Panorama to enforce authentication using the Cloud Identity Engine.
- Associate the Cloud Identity Engine with Palo Alto Networks Apps—Share the
directory information in your Cloud Identity Engine tenant with
other Palo Alto Networks applications.If you are using the tenant account view in the hub, association is not necessary for a tenant service group (TSG). For more information, refer to the Hub Getting Started guide.
- Manage the Cloud Identity Engine App—Create, view, rename, delete, and synchronize your Cloud Identity Engine tenants and view the list of attributes that the Cloud Identity Engine collects.