>
    Manage Your Directory Service on Data Security
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Group-Based Visibility
    4. Manage Your Directory Service on Data Security
    Download PDF
    SaaS Security

    Manage Your Directory Service on Data Security

    Table of Contents

    Manage Your Directory Service on Data Security

    Learn how to rescan, reauthenticate, or delete a directory service instance from Data Security.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Strata Cloud Manager)
    • Data Security license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    • New customers (onboarded your apps to Data Security on or after November 1, 2024) and FedRAMP customers: Integrate CIE with Data Security.
    • Legacy customers (onboarded your apps to Data Security before November 1, 2024): If you have been using Microsoft Azure AD, continue with the following topic.
    When you connect your directory service to Data Security, you provide the identifiers and keys authorizing the service to establish a secure connection to the directory to populate your user group information. Data Security refreshes every 24 hours, but if there are changes to user group membership you’d like to retrieve before the automatic refresh, you can manually update your user and group information.
    The directory service and Data Security maintain a secure connection, but sometimes you need to reauthenticate if there is a network connectivity issue or if the login credentials have changed.
    To stop scanning a directory service, you can remove the connection on Data Security by deleting the directory service instance. Any cloud apps utilizing the subset of groups in scanning will need to be reauthenticated.
    • To refresh a directory service, go to SettingsDirectory & External Services.
      1. In the row of the directory service instance, select ActionsRefresh.
      2. To begin a rescan after you successfully Refresh, Rescan a Managed Cloud App.
    • To reauthenticate a directory service, go to SettingsDirectory & External Services.
      1. In the row of the directory service instance, select ActionsReauthenticate.
      2. Follow the same process to connect the directory service you did when you first added it. See Reauthenticate to a Cloud App for details on the required information and privileges needed to authenticate the directory service.
      3. To refresh the directory service after you successfully reauthenticate, select Actions Refresh.
    • To delete a directory service, go to SettingsDirectory & External Services.
      1. Select ActionsDelete in the row that corresponds to the directory service instance you want to delete.

    © 2025 Palo Alto Networks, Inc. All rights reserved.