Integrate CIE with Data Security

Learn about integrating Cloud Identity Engine (CIE) with Data Security.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
  • Data Security license
Or one of the following that includes a Data Security license:
  • CASB-X license
  • CASB-PA
Enterprises use Identity Providers (IdPs) such as Okta, Microsoft Active Directory, and Google Directory to manage user identities and permissions. Data Security can use the organizational information in these directories by integrating with Cloud Identity Engine.
  • Legacy customers (you onboarded your Azure Active Directory to a SaaS API instance before November 4, 2024): If you have been using Microsoft Azure Active Directory, see Group-Based Visibility (legacy).
  • New customers (you onboarded your apps to Data Security on or after November 4, 2024) and FedRAMP customers: Use Cloud Identity Engine to integrate your directory with Data Security by following the steps below.
  1. Log in to Strata Cloud Manager.
  2. Select SaaS Security > Settings > Directory & External Services.
  3. The following Cloud Identity Engine integration pane is available only if you have not activated Cloud Identity Engine or connected your Cloud Identity Engine with your directory.
    On the Cloud Identity Engine integration pane, select Set Up Now.
  4. Complete your Cloud Identity Engine integration.
    [Screenshot: a successful Cloud Identity Engine integration]
  5. Enable Group-Based Selective Scanning.
    • Cloud Identity Engine integration does not support Group-Based Incident Management. See Common Services: Identity and Access if you're using Strata Cloud Manager.
    • During your first-time Cloud Identity Engine integration, Data Security might take up to 24 hours to gain access to the newly onboarded groups (Microsoft Azure Active Directory, Okta, or Google).
    • Data Security might take up to 24 hours to gain access to groups if you select Full Sync in the Cloud Identity Engine portal.
    • It might take up to 1 hour for group modifications (updating, adding, or deleting groups or user information) to be available in Data Security.