Configure Microsoft Entra ID User Group Mapping in Prisma Access
To provide user, group, and computer information for policy or event context, Palo Alto
Networks cloud-based applications and services need access to your directory
information. Cloud Identity Engine gives Prisma Access read-only access to your Active
Directory information, so that you can easily set up and manage security and decryption
policies for users and groups. Cloud Identity Engine is free and does not require a
license to get started. Cloud Identity Engine supports an on-premises directory (Active
Directory) and a cloud-based directory (Microsoft Entra ID, formerly Azure Active Directory). The authentication
component of the Cloud Identity Engine allows you to configure a profile for a SAML
2.0-based identity provider (IdP) that authenticates users by redirecting their access
requests through the IdP before granting access. You can also configure a client
certificate for user authentication.
Add a Microsoft Entra ID directory in the Cloud Identity Engine to allow the Cloud
Identity Engine to collect user, group, and device attributes from your Microsoft Entra ID tenant for
policy enforcement and user visibility.
Get the user and group information using the Cloud Identity Engine by performing the
following steps:
Create a Cloud Identity Engine
instance for Prisma Access.