Set Up Directory Sync Service

The Directory Sync Service is an optional service that enables you to leverage your user directory when you configure policies in the Traps management service. To set up the Directory Sync Service, you must perform the following tasks and then specify your Directory Sync Service instance when you Activate the Traps Management Service.
The Directory Sync Service supports the United States (US) Region and the European Union (EU) Region.
If you disassociate a Directory Sync Service instance from a Traps management service tenant, Palo Alto Networks recommends that you remove all Active Directory (AD) objects from any active rules. Traps cannot continue to apply policy rules to Active Directory objects without the relationship with the Directory Sync Service. If you later re-associate the Traps management service tenant with the same Directory Sync Service and did not remove the original AD objects from your policy rules, only the rules for AD Computers and Users will re-apply. For a policy rule to apply to other types of AD objects, you must re-add them to policy rules.
The following high-level workflow provides a brief overview of the steps to set up the Directory Sync Service. For detailed workflows on how to set up, manage, and troubleshoot Directory Sync Service, refer to the Directory Sync Service Getting Started Guide.
  1. Review the Directory Sync Service System Requirements.
  2. Install the Directory Sync Agent.
  3. Configure the Directory Sync Agent and the Agent.
  4. Configure Mutual Authentication between the Directory Sync Service and the Agent.
  5. Associate Directory Sync Service Instances with Palo Alto Networks Apps.
