Welcome to the Cloud Identity Engine

Learn about how the Cloud Identity Engine collects attributes from your directory for use by other Palo Alto Networks applications.
To provide user, group, device, organizational unit, and container information for policy or event context, Palo Alto Networks cloud-based applications and services may need to access directory information. The Cloud Identity Engine collects attributes from your directory and stores them in a secure, cloud-based infrastructure that allows your Palo Alto Networks cloud-based applications and services to access the directory information.
When you configure a SAML 2.0-based identity provider (IdP) in the Cloud Identity Engine, you can configure the Palo Alto Networks firewall to use that IdP for user authentication in an Authentication policy rule. Configuring both user identification and user authentication using the Cloud Identity Engine provides a single-source identity solution that can adapt as your security needs change.

Recommended For You