Retrieve User-ID group mapping for Prisma Access by configuring
an on-premises firewall as a master device.
After you configure User-ID mapping in Prisma
Access, you need to be able to retrieve the current IP address-to-username
and username-to-user group information for mobile users and users
at remote networks. To allow the Panorama that manages your deployment
to
retrieve group mapping information,
you must add one or more next-generation firewalls to your deployment
and then
designate the firewall
as a Master Device. You then create policies in Panorama
and enforce the policies using the list of user groups that Panorama
retrieved from the Master Device.