Configure Third-Party Device-ID in Prisma Access (Strata Cloud Manager)

Allow third-party IoT device vendors to retrieve their device IDs using the Cloud Identity Engine and Prisma Access.
To configure third-party Device-ID, complete the following steps.
  1. Activate Third-Party Device-ID in the Cloud Identity Engine.
    This procedure includes uploading a signed certificate and using that with an API to communicate with, and download Device-ID information from, the third-party IoT vendor.
  2. Activate Third-Party Device-ID in Prisma Access by going to Settings > Prisma Access Setup > Shared or Workflows > Prisma Access Setup > Prisma Access and setting Enable Device Identification to Enabled.
  3. Configure a device object and enter device attributes. Go to Manage > Configuration > NGFW and Prisma Access, set the configuration scope to Remote Networks, and select Objects > Devices and Add Devices. Be sure that you are in the Remote Networks device group.
    1. Add a device object that matches attributes for the third-party objects.
      The Cloud Identity Engine Mappings area displays the attributes of the third-party devices; you can use any attributes retrieved from there.
  4. Go to Manage > Configuration > NGFW and Prisma Access, set the configuration scope to Remote Networks, and select Security Services > Security Policy and Add a security policy, adding the device objects you created in the Devices area.
  5. Push Config to save your changes to the Prisma Access configuration, making sure to select Remote Networks in the push scope.
  6. Verify that Prisma Access is receiving the Device-ID logs by going to Incidents & Alerts > Log Viewer, selecting Firewall/Traffic, and searching for traffic under the rule you created by entering rule_matched = rulename, where rulename is the security policy rule you created for the third-party IoT devices.
    The Device-ID to IP address mappings display in the logs.