Configure User-ID and User-Based Policies with Prisma Access
Prisma Access requires that you configure IP address-to-username
mapping to consistently enforce user-based policy for mobile users
and users at remote network locations. In addition, you need to
configure
username to user-group mapping if
you want to enforce policy based on group membership.
You can then configure your deployment to allow Panorama to get
the list of user groups retrieved from the group mapping, which
allows you to easily select these groups from a drop-down list when
you create and configure policies in Panorama.
The following sections provide an overview and the steps you
perform to configure and implement User-ID and use the Cloud Identity
Engine to get user and group mapping in Prisma Access.