Prisma Access User-Based Policy (Panorama)
Focus
Focus
Prisma Access

Prisma Access User-Based Policy (Panorama)

Table of Contents


Prisma Access User-Based Policy (Panorama)

Set up user-ID mapping in Prisma Access (Managed by Panorama).
This section provides the steps you perform to configure User-ID for Prisma Access.
  1. Configure IP address-to-username mapping for your mobile users and users at remote network locations.
  2. Configure username-to-user group mapping for your mobile users and users at remote network locations.
    For Mobile Users—GlobalProtect, Explicit Proxy, and remote network deployments, configure the Directory Sync component of the Cloud Identity Engine to retrieve user and group information from your Active Directory (AD); then, configure Group Mapping Settings in your Mobile Users—GlobalProtect or remote network deployment.
    Alternatively, you can enable username-to-user group mapping for mobile users and users at remote networks using an LDAP server profile.
    We recommend using a Group Include List in the LDAP server profile, so that you can specify which groups you want to retrieve, instead of retrieving all group information.
  3. Allow Panorama to use username-to-user group mapping in security policies by completing one of the following actions: