The following table provides a snapshot of new features
introduced for the Cloud Identity Engine app in June 2021. Refer
to the Cloud Identity Engine documentation for
more information on how to use the Cloud Identity Engine.
The Directory Sync service has been rebranded to integrate
with the Cloud Identity Engine. All existing Directory Sync features
and functionalities are supported as part of the Cloud Identity
Sync Directory Changes for Active Directory
and Azure Active Directory
You can now synchronize only the recent changes
to your on-premise Active Directory or Azure Active Directory. Syncing
the changes takes much less time than syncing the entire directory.
By default, the Cloud Identity Engine syncs changes every five minutes
for these directory types. For more information, refer to Synchronize Cloud Identity Engine
Support for Identity Providers as a Single
Source of User Authentication
The Cloud Identity Engine now supports the
following identity providers (IdPs) for user authentication:
Cloud Identity Engine provides support for other SAML 2.0-compliant
IdPs in addition to these and supports multi-factor authentication
(MFA) for Azure and Ping.
Integration with PAN-OS and Panorama
You can now integrate the Cloud Identity Engine
with your Palo Alto Networks firewall or Panorama for a comprehensive
identity solution. By configuring an Authentication profile on
the firewall to use the Cloud Identity Engine for user authentication
and the Cloud Identity Engine as an identity source, you can now
both identify and authenticate your users.
Support for Germany (DE) Region
The Cloud Identity Engine now supports instances
in the Germany (DE) region for customers who must store the data
synced from their directories in this region to comply with data
regulation requirements. For more information on how to configure
this region, refer to Configure the Cloud Identity
Agent in the Getting Started guide.