Configure User-ID in Prisma Access

This section provides the steps you perform to configure User-ID for Prisma Access.
  1. Configure IP address-to-username mapping for your mobile users and users at remote network locations.
  2. Configure username to user-group mapping for your mobile users and users at remote network locations.
    To configure username-to-user group mapping for all users, enable group mapping for mobile users and for users at remote networks using an LDAP server profile.
    We recommend using a Group Include List in the LDAP server profile, so that you can specify which groups you want to retrieve, instead of retrieving all group information.
  3. Allow Panorama to use group mappings in security policies by configuring one or more next-generation on-premise or VM-series firewalls as a Master Device.
    If you don’t configure a
    Master Device
    with a Prisma Access User-ID deployment, use long-form distributed name (DN) entries instead.

Recommended For You