Identity
Configure Cloud Identity Engine Authentication (SCM)
Table of Contents
Configure Cloud Identity Engine Authentication (SCM)
Learn about configuring authentication for Cloud Identity Engine in Strata Cloud
Manager.
To configure Cloud Identity authentication within Strata Cloud Manager, you must
leverage the Cloud Authentication Service (CAS) to broker requests between your
enforcement points and your identity providers (IdPs). This workflow allows you to
enforce SAML 2.0, OIDC, or Client Certificate authentication across your managed
NGFWs and Prisma Access deployments.
- Configure an authentication profile to use the Cloud Identity Engine Authentication Service.
- In Strata Cloud Manager, navigate to .Add Profile.Set the Authentication Method to Cloud Identity Engine.Give the profile a Name.Select a Cloud Identity Engine Profile or Create a new one.Specify the Maximum Clock Skew (range is 1–900 seconds; default is 60) to allow for time synchronization differences between the IdP and the cloud service.(Optional)Select Force multi-factor authentication in the cloud if your IdP is configured to require users to log in using multi-factor authentication (MFA).(Optional) Match all users or select specific users and groups synchronized from your directory.Save.(Required for authentication policy rule only) Create an Authentication Enforcement object that uses the authentication profile to redirect users to log in using their authentication type.
- In Strata Cloud Manager, navigate to .Add Authentication Rule.Give the rule a Name.(Optional)Give the rule a detailed Description.(Optional) Add Tags to help organize the rule.Set the Action to Authenticate.(Optional) Set the Auth Session Timeout (range is 1–1440 minutes; default is 60).(Optional) Write a Message to your users telling them how to authenticate.Select the Cloud Identity Engine Authentication Profile you created previously.Save.Push config.
