Next-Generation Firewall
Device > User Identification > Cloud Identity Engine
Table of Contents
Device > User Identification > Cloud Identity Engine
Add a Cloud Identity Engine profile
to your firewall to use the Cloud Identity Engine as a source for
user identification information. When you create a Cloud Identity
Engine profile, you can enforce user- or group-based security policies
based on user and group information from the on-premises or cloud-based
directories you configure in the Cloud Identity Engine app. You
can also Delete a profile or export a PDF/CSV of
the current Cloud Identity Engine profiles.
To search the profiles, enter a keyword as the filter (
![]()
) and Apply
Filter (
![]()
).
| Cloud Identity Engine Settings | Description |
|---|---|
Name | Enter a Name (up
to 31 characters) for the Cloud Identity Engine profile. The name
is case-sensitive and must be unique. Use only letters, numbers,
spaces, hyphens, and underscores. |
Instance | Enter the following information to configure
the Cloud Identity Engine profile:
When you finish configuring the Cloud
Identity Engine profile, confirm that the profile is Enabled. |
User Attributes | Select a Directory Attribute for each user attribute Name. You must select a Primary Username; all other fields are optional. |
Group Attributes | Select a Directory Attribute for each group attribute Name. You must select a Group Name; the remaining field is optional. |
Device Attributes | (GlobalProtect only) If you are
using GlobalProtect and you have enabled Serial Number Check, select
the Endpoint Serial Number to allow the Cloud
Identity Engine to collect serial numbers from managed endpoints.
This information is used by the GlobalProtect portal to check if
the serial number exists in the directory for verification that
the endpoint is managed by GlobalProtect. |