Configure User-ID in Prisma Access

This section provides the steps you perform to configure User-ID for Prisma Access.
  1. Configure IP address-to-username mapping for your mobile users and users at remote network locations.
  2. Configure username-to-user-group mapping for your mobile users and users at remote network locations.
    For Mobile Users—GlobalProtect, Mobile Users—Explicit Proxy, and remote networks, use group mapping. Prisma Access uses the Directory Sync component of the Cloud Identity Engine to populate user and group mapping information.
    Alternatively, you can enable group mapping for mobile users and for users at remote networks using an LDAP server profile.
    We recommend using a Group Include List in the LDAP server profile, so that you can specify which groups you want to retrieve, instead of retrieving all group information.
  3. Allow Panorama to use group mappings in security policies by configuring one or more next-generation on-premises or VM-Series firewalls as a Master Device.
    If you don't configure a Master Device with a Prisma Access User-ID deployment, use long-form distinguished name (DN) entries instead.
  4. Redistribute HIP information to Panorama.