Configure User-ID in Panorama Managed Prisma Access
Focus
Focus

Configure User-ID in Panorama Managed Prisma Access

Table of Contents

Configure User-ID in Panorama Managed Prisma Access

Configure IP address-to-username mapping and username-to-user group mapping in Prisma Access.
This section provides the steps you perform to configure User-ID for Prisma Access.
  1. Configure IP address-to-username mapping for your mobile users and users at remote network locations.
  2. Configure username-to-user group mapping for your mobile users and users at remote network locations.
    For Mobile Users—GlobalProtect, Explicit Proxy, and remote network deployments, configure the Directory Sync component of the Cloud Identity Engine to retrieve user and group information from your Active Directory (AD); then, configure Group Mapping Settings in your Mobile Users—GlobalProtect or remote network deployment
    Alternatively, you can enable username-to-user group mapping for mobile users and users at remote networks using an LDAP server profile.
    We recommend using a Group Include List in the LDAP server profile, so that you can specify which groups you want to retrieve, instead of retrieving all group information.
  3. Allow Panorama to use username-to-user group mapping in security policies by completing one of the following actions:
  4. Redistribute HIP information to Panorama.