Send User Mappings to User-ID Using the XML API
User-ID provides many out-of-the box methods for obtaining
user mapping information. However, you might have applications or
devices that capture user information but cannot natively integrate
with User-ID. For example, you might have a custom, internally developed
application or a device that no standard user mapping method supports.
In such cases, you can use the PAN-OS XML API to create custom scripts
that send the information to the PAN-OS integrated User-ID agent
or directly to the firewall. The PAN-OS XML API uses standard HTTP
requests to send and receive data. API calls can be made directly
from command line utilities such as cURL or using any scripting
or application framework that supports POST and GET requests.
To enable an external system to send user mapping information
to the PAN-OS integrated User-ID agent, create scripts that extract
user login and logout events and use the events as input to the
PAN-OS XML API request. Then define the mechanisms for submitting
the XML API requests to the firewall (using cURL, for example) and
use the API key of the firewall for secure communication. For more
details, refer to the
PAN-OS XML API Usage Guide.