While it was often used for simplicity during the early days of computing, storing critical information (such as passwords and cryptographic keys) using unsecured methods like sharing passwords with coworkers or storing administrative information in plaintext can result in consequences such as security breaches or misuse. Storing this type of information in a secrets vault provides a much more secure method for storing and sharing this information. The Cloud Identity Engine now supports a secrets vault so that you can responsibly share this information with users who require it.

The Cloud Identity Engine now supports the CIE directory in the authentication profile. This allows you to use the CIE directory with an authentication type so that you can expand the deployment possibilities for your Cloud Identity Engine configuration.

Additionally, to reduce risk and vulnerability, the following security measures now apply for CIE directory users:

The Okta directory now supports log forwarding to the Strata Logging Service for storage and auditing purposes. If you enable this option, the Cloud Identity Engine forwards the logs from the previous 24 hours to the Strata Logging Service. This helps meet compliance requirements, store logs for future reference, and track activity for auditing purposes. This also allows the Cloud Identity Engine to share the logging information with other Palo Alto Networks applications that you use in your network.