Learn how the Cloud Identity Engine collects attributes
from your directory for use by other Palo Alto Networks applications.

To provide user, group, device, organizational unit,
and container information for policy or event context, Palo Alto
Networks cloud-based applications and services may need to access
directory information. The Cloud Identity Engine collects attributes
from your directory and stores them in a secure, cloud-based infrastructure
that allows your Palo Alto Networks cloud-based applications and
services to access the directory information.

When you configure a SAML 2.0-based identity provider (IdP) in
the Cloud Identity Engine, you can configure the Palo Alto Networks
firewall to use that IdP for user authentication in an Authentication
policy rule. Configuring both user identification and user authentication
using the Cloud Identity Engine provides a single-source identity
solution that can adapt as your security needs change.