In a standalone Prisma Access deployment without
a Master Device, you can use group-based policy using long-form
DN entries in Panorama. Prisma Access uses the DN entries to evaluate
the User-ID-based policies you have configured in Panorama.
For
example, given a User named Bob Alice who
works in IT for Organization Hooli in
the United States, a matching security policy may have ou=IT Staff,O=Hooli,C=US if
the policy is to be applied to all IT staff, or CN=Bob
Alice,ou=IT Staff,O=Hooli,C=US if the policy is only to
be applied to Bob Alice.