Prisma Access requires that you configure
IP address-to-username mapping to consistently enforce user-based
policy for users at remote network locations. In addition, you need
to configure
username to user-group mapping if
you want to enforce policy based on group membership.
You
can then configure your deployment to allow Panorama to retrieve
the list of user groups retrieved from the username-to-user group
mapping, which allows you to easily select these groups from a drop-down
list when you create and configure policies in Panorama.
To
configure User-ID collection and redistribution for users who are
protected by Prisma Access remote networks, use the following methods
to enable user-based access and visibility to applications and resources: