| Where Can I Use This? | What Do I Need? |
| --- | --- |
| - Prisma Access (Managed by Panorama or Strata Cloud Manager)<br>- NGFW (Managed by Panorama) | - Prisma Access 5.1 Preferred or Innovation<br>- Prisma Access license with the Mobile User subscription<br>- Cloud Identity Engine<br>- Minimum Prisma Access Agent version: 25.1<br>- Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature |

To grant your users access to corporate resources and applications, you must verify
the identities of the users to ensure that they are who they claim to be.

Cloud Identity Engine can be used to authenticate users when they connect to
Prisma Access Agent.

Cloud Identity Engine is a free app on the hub that gives Prisma Access read-only
access to your information in IdPs such as Azure Active Directory or Okta Directory.
With Cloud Identity Engine, you can easily implement user-based security policies
and decryption.

Cloud Identity Engine allows you to create security policy based on users and groups,
and helps secure your assets by enforcing behavior-based security actions. It also
adapts to changing security needs and users: you configure each identity source or
provider in a single unified source of user identity, which makes it simpler to
extend as needs change. By continually syncing the information from your cloud-based
directories, it ensures that your user information is accurate and up to date, and
policy enforcement continues based on the mappings even if the cloud identity
provider is temporarily unavailable.

When users authenticate to the agent from an endpoint, Cloud Identity Engine redirects
the authentication request to a SAML 2.0-based identity provider (IdP). After the
IdP authenticates the user, the gateway maps the user and applies the appropriate
security policy to the endpoint. You can use SAML 2.0-compliant IdPs or a client
certificate to authenticate your users.

Before you begin to configure Cloud Identity Engine for Prisma Access Agent user
authentication, ensure that you complete the following prerequisites: