Configure Third-Party Device-ID in Prisma Access (Panorama)
Use the Cloud Identity Engine and Prisma Access to retrieve Device-ID information from third-party IoT device vendors and apply it in Security policy.
To configure third-party Device-ID, complete the following tasks.
  1. Activate Third-Party Device-ID in the Cloud Identity Engine.
    This procedure includes uploading a signed certificate, which the Cloud Identity Engine uses with the vendor's API to communicate with the third-party IoT vendor and download Device-ID information.
  2. Activate Third-Party Device-ID in Prisma Access.
    1. Navigate to Panorama > Cloud Services > Configuration.
    2. Select Mobile Users or Remote Networks, depending on where you want to use third-party Device-ID.
    3. In the Settings panel, click the gear icon to edit the Settings, and select Enable Device Identification.
      If you don't see the Enable Device Identification option, contact your account team to enable Third-Party Device-ID.
  3. Configure a device object and enter device attributes.
    1. Go to Objects > Devices and Add a device object whose attributes match the third-party devices that the policy should apply to.
      Be sure that you're in the Mobile_User_Device_Group, Remote_Network_Device_Group, or the Shared device group.
    2. Enter the device attributes for the third-party devices.
      The Cloud Identity Engine Mappings area displays the attributes retrieved for the third-party devices; you can use any attribute shown there in the device object.
  4. Go to Policies > Security > Pre Rules and Add a Security policy rule.
    Be sure that you're in the Mobile_User_Device_Group, Remote_Network_Device_Group, or the Shared device group.
    If you're configuring a Security policy rule for a remote network or the Shared device group, you can add the device objects you created to Source > Source Device or to Destination > Destination Device.
    If you're configuring a Security policy rule for mobile users, you can only use device objects for destination devices. Add the device objects you created to Destination > Destination Device.
  5. Commit and push your changes, making sure that you select Mobile Users or Remote Networks in the Push Scope.
    1. Click Commit > Commit and Push.
    2. Click Edit Selections and, in the Prisma Access tab, make sure that you select Mobile Users or Remote Networks in the Push Scope, then click OK.
    3. Click Commit and Push.
  6. Verify that Prisma Access is receiving the Device-ID logs by going to Monitor > Logs and filtering the Traffic logs for traffic that matched the rule you created, by entering rule_matched = rulename, where rulename is the Security policy rule you created for the third-party IoT devices.
    The Device-ID to IP address mappings appear in the matching log entries. If the rule matches traffic but the entries carry no Device-ID attributes, re-check that Enable Device Identification is selected and that the push scope included the deployment you are testing.
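The verification in the last step is easier to act on if you separate "no traffic hit the rule" from "traffic hit the rule but carried no Device-ID attributes", because the two point at different misconfigurations (traffic generation or push scope in the first case, Enable Device Identification or the device group in the second). The following Python script is an added example and is not part of this page or of Palo Alto Networks tooling: it parses a constructed traffic-log CSV export, in the shape that Export to CSV in Monitor > Logs produces, and reports the Device-ID to IP address mappings per rule. The column names (Rule, Source address, Source Device Category, and so on) are assumed to match your export and may need adjusting; the addresses, rule names, vendors and models in the sample are made up.

```python
import csv
import io

# Constructed sample of a traffic-log CSV export (assumed column names;
# every value below is invented for this example). Rows 1-3 hit a rule that
# uses a device object as the source device, row 4 hits a mobile-user rule
# that can only use destination devices, and row 5 hits a rule with no
# Device-ID attributes on either side.
SAMPLE_CSV = """Receive Time,Source address,Destination address,Rule,Source Device Category,Source Device Vendor,Source Device Model,Destination Device Category,Destination Device Vendor,Destination Device Model,Action
2024/05/01 10:00:01,10.10.1.21,192.0.2.50,allow-iot-cameras,IP Camera,Acme Cams,AC-200,,,,allow
2024/05/01 10:00:02,10.10.1.22,192.0.2.50,allow-iot-cameras,IP Camera,Acme Cams,AC-200,,,,allow
2024/05/01 10:00:03,10.10.1.21,192.0.2.51,allow-iot-cameras,IP Camera,Acme Cams,AC-200,,,,allow
2024/05/01 10:00:04,10.10.2.5,192.0.2.60,mobile-to-printers,,,,Printer,Acme Print,P-10,allow
2024/05/01 10:00:05,10.10.1.30,192.0.2.50,default-deny,,,,,,,deny
"""

DEVICE_FIELDS = ("Device Category", "Device Vendor", "Device Model")


def device_mappings(csv_text, rule_name):
    """Return {ip: (category, vendor, model)} for every host that matched
    rule_name and carried Device-ID attributes, on the source or the
    destination side. Raises ValueError if one IP shows two different
    attribute sets within the export, which is worth investigating rather
    than silently keeping the last one seen."""
    mappings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Rule"] != rule_name:
            continue
        for side in ("Source", "Destination"):
            category = row.get(f"{side} Device Category", "")
            if not category:
                continue  # no Device-ID attributes on this side of the session
            ip = row[f"{side} address"]
            attrs = tuple(row[f"{side} {field}"] for field in DEVICE_FIELDS)
            if ip in mappings and mappings[ip] != attrs:
                raise ValueError(
                    f"conflicting Device-ID attributes for {ip}: "
                    f"{mappings[ip]} vs {attrs}"
                )
            mappings[ip] = attrs
    return mappings


def rule_summary(csv_text):
    """Per rule: (sessions that matched, sessions that carried Device-ID
    attributes on at least one side)."""
    summary = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        matched, with_id = summary.get(row["Rule"], (0, 0))
        has_id = bool(
            row.get("Source Device Category") or row.get("Destination Device Category")
        )
        summary[row["Rule"]] = (matched + 1, with_id + int(has_id))
    return summary


def check_rule(csv_text, rule_name):
    """Turn the counts into the verification outcome a practitioner wants:
    'ok', 'no-traffic', or 'no-device-id'."""
    matched, with_id = rule_summary(csv_text).get(rule_name, (0, 0))
    if matched == 0:
        return "no-traffic"      # generate traffic from an identified device; check push scope
    if with_id == 0:
        return "no-device-id"    # check Enable Device Identification and the device group
    return "ok"


if __name__ == "__main__":
    for rule, (matched, with_id) in rule_summary(SAMPLE_CSV).items():
        print(f"{rule}: {matched} sessions, {with_id} with Device-ID -> {check_rule(SAMPLE_CSV, rule)}")
        for ip, attrs in device_mappings(SAMPLE_CSV, rule).items():
            print(f"  {ip} -> {attrs}")
```

To use it against a real export, replace SAMPLE_CSV with the file contents and, if your column headers differ, adjust the field names in DEVICE_FIELDS and in the address lookups. A rule that returns "no-device-id" while the Cloud Identity Engine Mappings area shows the device attributes usually means Device Identification was not enabled for that deployment or the rule was committed to the wrong device group.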