User-ID Features

Learn about the new User-ID™ features in PAN-OS 9.1.
New User-ID Feature
Include Username in HTTP Header Insertion Entries
Allows the firewall to relay a user’s identity when they are accessing your network through secondary security appliances that are connected to your Palo Alto Networks firewall. You can configure your firewall to include the username in the HTTP header so that other security appliances in your network can identify the user without additional infrastructure (such as proxies used to insert the username). This simplifies deployment, reduces page-load latency, and eliminates multiple authentications for users.
Dynamic User Groups
You can now use tags to dynamically group users and automate security, decryption, or authentication actions for the group based on user behavior (such as downloading risky software). You can gather information from security sources such as Cortex XDR, User and Entity Behavior Analytics (UEBA), or Security Information and Event Management (SIEM) and use that data to determine a user’s risk level. Because these sources give a more comprehensive view of the user’s risk level than directory attributes provide, the firewall can now interpret user and device information to define user groups that mitigate threats and vulnerabilities regardless of the user’s device or location. These tag-based groups can also provide temporary access for users who need temporary privilege escalation, for example to fix an issue on a production system they wouldn’t normally have access to, without requiring you to create rules or modify directories.

