Learn to manage your Cloud Identity Distribution in Strata Cloud Manager
Where Can I Use
What Do I Need?
Strata Cloud Manager
Cloud Identity Engine (Directory Sync)
gives Prisma Access read-only access to your Active Directory information, so that
you can easily set up and manage security and decryption policies for users and
Cloud Identity Engine works with both on-premises Active Directory and Azure Active
To set up Cloud Identity Engine with Prisma Access, start by going to the hub to
activate Cloud Identity Engine and to add it to Prisma Access. Then go to Prisma
Access to validate that Prisma Access is able to access directory data.
Activate Cloud Identity Engine
Cloud Identity Engine can share Active Directory information with any
supported app on the hub. It’s free and does not require an auth code to get
started. Cloud Identity Engine setup
includes activating the Cloud Identity Engine app on the hub, configuring
the Cloud Identity Engine agent to gather Active Directory mappings, and
configuring mutual authentication between Cloud Identity and the agent.
Make sure to deploy the Cloud Identity Engine instance in the same region
where you deployed Prisma Access and Cortex Data Lake.
Enable Cloud Identity Engine for Prisma Access.
You can associate Prisma Access with Cloud Identity Engine when you’re first
activating Prisma Access or anytime after:
While you’re activating Prisma Access:
When you first activate Cloud Managed Prisma
Access, you can choose a Cloud Identity Engine instance
for Prisma Access to use. Make sure to select an instance that is
deployed in the same region as Prisma Access.
After you’ve activated Prisma Access:
To enable Cloud Identity
Engine for an existing Prisma Access instance, log in to the hub. From the hub settings dropdown (see
the gear on the top menu bar), select
. Find the Prisma Access instance you want to
update, and select the Cloud Identity Engine instance you want
Prisma Access to use.
Confirm that Prisma Access is connected to Cloud Identity Engine, and that
Cloud Identity Engine is sharing directory information with Prisma Access.
Check that you can see your directories in Prisma Access.
Cloud Identity Engine
Verify that you can add users and groups to a policy rule.
. In a security or
decryption policy rule, check that the
dropdown displays your Active Directory user and group entries. Now you
can start adding these users and groups to your security and decryption
When traffic isn’t being
enforced as expected, use