If you have not configured a next-generation firewall as a master device or configured a Cloud Identity Engine to populate users and groups in security policy rules, you can use long-form distinguished name (DN) entries in Panorama instead.

Prisma Access

uses the DN entries to evaluate the User-ID-based policies you have configured in Panorama.

For example, given a User named

Bob Alice

who works in IT and is located on the first floor, a matching security policy may have

cn=first_floor, ou=it_staff, dc=dev, dc=example, dc=com

if the policy is to be applied to all IT staff on the first floor, or

cn=Bob Alice, ou=it_staff, dc=dev, dc=example, dc=com

if the policy is only to be applied to Bob Alice.