Use Cloud Identity Engine or a master device to get User-ID group information for
security policy rules.
Where Can I Use
This?
What Do I Need?
Prisma Access (Managed by Panorama)
Cloud Identity Engine
Prisma Access license
After you configure User-ID mapping in Prisma Access, you need to be able to retrieve
the current username-to-user group information for mobile users and users at remote
networks. While configuring Group Mapping in the Cloud Identity Engine
performs username-to-user group mapping, those user groups are not selectable in
security policy rules. You can populate the groups to allow them to be selected in
security policy rule drop-down lists by either configuring a next-generation firewall as a Master
Device or configuring the Cloud Identity Engine to do
so.