topic How is the cloud Identity Engine different from other IAM vendors (e.g., Okta or Ping or Azure AD)? in Cloud Identity Engine Discussions https://live.paloaltonetworks.com/t5/cloud-identity-engine/how-is-the-cloud-identity-engine-different-from-other-iam/m-p/411317#M1 <P><SPAN style="font-weight: 400;">Cloud Identity Engine is a broker service and not IAM. It collects user and group information from multiple IAM vendors—like Okta Ping, and similar platforms—making the info uniformly available across all firewalls. Customers will continue to leverage their IAM providers; however, they no longer need to connect every IAM with every firewall.</SPAN></P> <P>&nbsp;</P> <P><SPAN style="font-weight: 400;">Cloud IAM tools (like OKTA, Ping, Azure AD, etc.) are meant for identities—i.e. for maintaining users and user group information. But they are not firewall companies, and so cannot and do not enforce security policies. With Palo Alto Networks, customers can authenticate users using groups/users in these Cloud IdPs and enforce identity-based security policies—such as Credential Phishing—along with our URL Filtering subscription.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN style="font-weight: 400;">A cloud-offered service like Cloud Identity Engine keeps users and group information in sync with the Cloud IdP and On-prem Idps to PANW firewall at all times. By dynamically updating user information, complexity and operational burden are greatly reduced.&nbsp;</SPAN></P> Fri, 04 Jun 2021 20:05:16 GMT blevin 2021-06-04T20:05:16Z How is the cloud Identity Engine different from other IAM vendors (e.g., Okta or Ping or Azure AD)? https://live.paloaltonetworks.com/t5/cloud-identity-engine/how-is-the-cloud-identity-engine-different-from-other-iam/m-p/411317#M1 <P><SPAN style="font-weight: 400;">Cloud Identity Engine is a broker service and not IAM. It collects user and group information from multiple IAM vendors—like Okta Ping, and similar platforms—making the info uniformly available across all firewalls. Customers will continue to leverage their IAM providers; however, they no longer need to connect every IAM with every firewall.</SPAN></P> <P>&nbsp;</P> <P><SPAN style="font-weight: 400;">Cloud IAM tools (like OKTA, Ping, Azure AD, etc.) are meant for identities—i.e. for maintaining users and user group information. But they are not firewall companies, and so cannot and do not enforce security policies. With Palo Alto Networks, customers can authenticate users using groups/users in these Cloud IdPs and enforce identity-based security policies—such as Credential Phishing—along with our URL Filtering subscription.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN style="font-weight: 400;">A cloud-offered service like Cloud Identity Engine keeps users and group information in sync with the Cloud IdP and On-prem Idps to PANW firewall at all times. By dynamically updating user information, complexity and operational burden are greatly reduced.&nbsp;</SPAN></P> Fri, 04 Jun 2021 20:05:16 GMT https://live.paloaltonetworks.com/t5/cloud-identity-engine/how-is-the-cloud-identity-engine-different-from-other-iam/m-p/411317#M1 blevin 2021-06-04T20:05:16Z