Retrieve Group Mapping Using a Master Device or Long-Form DN Entries
Retrieve User-ID group mapping for Prisma Access by configuring
an on-premises firewall as a master device.
After you configure User-ID mapping in Prisma
Access, you need to be able to retrieve the current username-to-user
group information for mobile users and users at remote networks.
If you don’t use the Directory Sync
component of the Cloud Identity Engine to retrieve
IP address-to-username and username-to-user group information, you
can add one or more next-generation firewalls to your deployment
and then designate the firewall as a Master Device. Doing so
populates the groups so that you can select them from drop-down
lists in security policies. Alternatively, you can implement
User-ID mapping in policies using long-form
Distinguished Name (DN) entries.