Configure Azure AD User Group Mapping in Prisma Access
Where Can I Use This? | What Do I Need?
Prisma Access (Cloud Management) |
Prisma Access (Panorama Managed) |
To provide user, group, and computer information for policy or event context, Palo Alto
Networks cloud-based applications and services need access to your directory
information. Cloud Identity Engine gives Prisma Access read-only access to your Active
Directory information, so that you can easily set up and manage security and decryption
policies for users and groups. Cloud Identity Engine is free and does not require a
license to get started. Cloud Identity Engine supports an on-premises directory (Active
Directory) and a cloud-based directory (Azure Active Directory). The authentication
component of the Cloud Identity Engine allows you to configure a profile for a SAML
2.0-based identity provider (IdP) that authenticates users by redirecting their access
requests through the IdP before granting access. You can also configure a client
certificate for user authentication.
Add an Azure Active Directory (Azure AD) in the Cloud Identity Engine to allow the Cloud
Identity Engine to collect user, group, and device attributes from your Azure AD for
policy enforcement and user visibility.
Get the user and group information using the Cloud Identity Engine by performing the
following steps:
Create a Cloud Identity Engine instance for Prisma Access.