In addition to using the Cloud Identity Engine
to
retrieve user and
group information, you can use the Cloud Identity Engine
to populate user group names in security policy rules. This integration
eliminates the need to configure an on-premise or VM-series next-generation
firewall as a
Master Device for
this purpose; however, Master Devices are still supported.