Activating the Cloud Identity Engine is the foundational step in establishing a centralized, cloud-native source of truth for user identities across your security infrastructure. This process is performed within the Palo Alto Networks Hub and initializes the tenant that will aggregate and normalize user, group, and device data from your disparate directory sources. Unlike traditional hardware deployments, activation focuses on provisioning the cloud service, enabling you to prepare your environment for identity synchronization without the need for immediate physical appliance installation.

The activation workflow is designed to accommodate various organizational structures, ranging from Single Customer Support Portal (CSP) Accounts to complex environments managing Multiple CSP Accounts or child tenants. While the service is often included as a free integration requiring no standalone authorization code, the activation process allows you to claim licenses and link the engine to your existing support accounts. Once activation is complete, the system automatically creates your primary tenant, allowing you to immediately begin associating firewalls and configuring your on-premises or cloud-based directories.

To activate the Cloud Identity Engine, refer to the documentation for the type of account you have and how you want to configure the Cloud Identity Engine: