Configure User-ID and User-Based Policies with Prisma Access
Prisma Access requires that you configure IP address-to-username
mapping to consistently enforce user-based policy for mobile users and
users at remote network locations. In addition, you need to configure
username to user-group mapping if
you want to enforce policy based on group membership.
To select users and groups from a drop-down list when you create
and configure policies in Panorama, you can also configure Panorama
to obtain the list of user groups retrieved from the username-to-user
group mapping.
The following sections provide an overview and the steps you
perform to configure and implement User-ID and use the Cloud Identity
Engine to get IP address-to-username and username-to-user group
mapping in Prisma Access.
