Viewing User ID to User IP or User Groups Mappings

Select the

Map View

of the

Summary

dashboard.

Hover your mouse cursor over a Location until you get a popup dialog.



Select

View User ID, User Groups & IP Mapping

at the bottom of the popup dialog. The

UserID and User Group Distribution Check

dialog opens.

Select the

Prisma Access Location

and

Node Type

from the drop-down. The

Prisma Access Location filter

is not taken into consideration when the

Node Type

is

Mobile Users (GlobalProtect)

.

Node Type

:

Remote Networks

or

Service Connections

For Remote Networks and Service Connections, you can only see user ID to user group mappings.

Select a Prisma Access Location. If the Prisma Access Location you select does not have any associated Remote Networks or Service Connections, you see a ‘No Data Available’ message in the Remote Networks Site field or Service Connections Site field as the case may be, and the Show User Groups and Export to CSV buttons will be disabled.

From Node Type, select Remote Networks or Service Connections.

From the Remote Networks Site or Service Connections Site, select the site from which you want to retrieve the data.

In View, select whether you want to see which user groups a User ID belongs to (User) or which users are a part of a particular Group (Group) associated with the site.

If you select

User

, enter the user’s

User ID

(for example, saas\testuser3) to get the user ID to user group mapping, then select

Show User Groups

. A list of all the groups that the user ID belongs to get displayed under

User ID-IP Mappings

.

You can search for a specific group by typing the group name or a string that is contained within the group name you want to find by entering it in the

User Group

text box. If you search for a group that does not exist, you will see an error saying, “No data is available.” You can also sort the list of groups by toggling the arrows icon next to

User Group

. You can select the number of entries you want to display, as well as scroll through pages by clicking the forward and back arrows.



If you select

Groups

, selecting

Show User-Group Mappings

displays all the groups that are available in the site under

All User Groups in

<selected_site>

. If you select a group, all users belonging to the group are displayed in the right pane. The

Export to CSV

button gets activated and you can export all the users belonging to that group into a CSV file. The exported CSV file will contain all the entries for the group even if they are not displayed in the UI at the time of export.

You can search for a specific group by typing the group name or a string that is contained within the group name you want to find by entering it in the

User Group

text box. If you search for a group that does not exist, you will see an error saying, “No data is available”. You can also sort the list of groups by toggling the arrows icon next to

User Group

. You can select the number of entries you want to display as well as scroll through pages by selecting the forward and back arrows.



Node Type

:

Mobile Users (GlobalProtect)

You can see user ID to IP mapping and also the user ID to user group mapping.The

Prisma Access Location

filter is not taken into consideration when the selected

Node Type

is

Mobile Users (GlobalProtect)

. Instead, Prisma Access Insights uses the GlobalProtect gateway IP address to look for the data.

Enter a the Global Protect IP gateway address in the

Gateway

text box.

Select whether you want to

View

data for user ID to user IP mapping (

Users

) or user ID to user group mappings (

Groups

) for users who are connected to your specified GlobalProtect gateway.

If you selected

Users

, select

Show UserID-IP Mappings

. A table of user ID to their user IP mapping is displayed along with the

Timeout

which shows you for how long (in seconds) the user ID to user IP entry is valid. Selecting a particular user displays the groups that the user belongs to. Selecting a group shows every user that belongs to that group. It also enables the

Export to CSV

button which allows you to export all the users in that group regardless of any filtered view displayed in the UI.



If you selected

Groups

, choose

Show User-Group Mappings

. A list of all user groups belonging to that GlobalProtect gateway appears under

User Group

. Selecting a user group displays all users belonging to that group in the right pane. It also enables the

Export to CSV

button, which allows you to export all the users in that group regardless of any filtered view displayed in the UI.