Authorize Mobile Users in Prisma Access

In Prisma Access, verify if it is connected to Cloud Identity Engine, and that Cloud Identity Engine is sharing directory information with Prisma Access.
Select

Manage

Configuration

Identity Services

Cloud Identity Engine

.

Confirm the directory details you added in the Cloud Identity Engine app for the integration.


Mark the incoming traffic based on the source.
Select

Manage

Configuration

Security Services

Security Policy

.

(

For GlobalProtect mobile users and remote networks only

)

Add Rule

or edit an existing security policy rule for

GlobalProtect

mobile users or

Remote Networks

.



(

For explicit proxy mobile users only

)

Add Rule

or edit an existing security policy rule for

Explicit Proxy

mobile users.

Add users or user groups from the Azure active directory to your security policy rule and save the policy.



View the users and user groups you added under the

Source

column.


Push
the configurations.
Verify the user or user group mapping.
For GlobalProtect mobile users only
In Prisma Access, select
Insights
Mobile Users - GlobalProtect
.
View details about mobile users and devices connected for a time range you select.
For explicit proxy mobile users only
Copy the PAC file URL to the endpoint.
Go to
Manage
Service Setup
Explicit Proxy
Infrastructure Settings
to view the PAC file URL.
Access a URL that requires authorization.
Enter the credentials.
In Prisma Access, view the user mapping information by running the
show user ip-user-mapping all
command.
(
Optional
) In Prisma Access, select
Insights
Mobile Users - Explicit Proxy
.
View details about mobile users connected for a time range you select.