Cloud Management

Cloud Identity Engine (Directory Sync) gives

Prisma Access

read-only access to your Active Directory information, so that you can easily set up and manage security and decryption policies for users and groups.

Cloud Identity Engine works with both on-premises Active Directory and Azure Active Directory.

To set up Cloud Identity Engine with

Prisma Access

, start by going to the hub to activate Cloud Identity Engine and to add it to

Prisma Access

. Then go to

Prisma Access

to validate that

Prisma Access

is able to access directory data.

Activate Cloud Identity Engine
Cloud Identity Engine can share Active Directory information with any supported app on the hub. It’s free and does not require an auth code to get started. Cloud Identity Engine setup includes activating the Cloud Identity Engine app on the hub, configuring the Cloud Identity Engine agent to gather Active Directory mappings, and configuring mutual authentication between Cloud Identity and and the agent.
Make sure to deploy the Cloud Identity Engine instance in the same region that you deployed
Prisma Access
and Cortex Data Lake.
Enable Cloud Identity Engine for
Prisma Access
.
You can associate
Prisma Access
with Cloud Identity Engine when you’re first activating
Prisma Access
or anytime after:
While you’re activating

Prisma Access

:

When you first activate Cloud Managed Prisma Access, you can choose a Cloud Identity Engine instance for

Prisma Access

to use. Make sure to select an instance that is deployed in the same region as

Prisma Access

.



After you’ve activated

Prisma Access

:

To enable Cloud Identity Engine for an existing

Prisma Access

instance, log in to the hub. From the hub settings dropdown (see the gear on the top menu bar), select

Manage Apps

. Find the

Prisma Access

instance you want to update, and select the Cloud Identity Engine instance you want

Prisma Access

to use.


Confirm that Prisma Access is connected to Cloud Identity Engine.