topic Prisma Access/Cloud Identity Engine with Okta IDP – Issue with Group Changes in Strata Cloud Manager https://live.paloaltonetworks.com/t5/strata-cloud-manager/prisma-access-cloud-identity-engine-with-okta-idp-issue-with/m-p/1227698#M19 <P class="" data-start="49" data-end="138">&nbsp;</P> <P class="" data-start="140" data-end="646">We're encountering an issue when moving users between Okta groups. In the Cloud Identity Engine (CIE), we observe that the user's group membership updates correctly. However, the firewall is not reflecting this change; the user loses access permissions associated with both the new and the old groups. Additionally, firewall logs show the source user as their email ID instead of the expected format (<CODE data-start="541" data-end="566">okta\firstname.lastname</CODE>). As a result, security policies based on Okta groups aren't correctly applied.</P> <P class="" data-start="648" data-end="826">Could you advise on how to resolve this? Are there specific configuration settings we might have overlooked, or certain steps we must follow when reassigning user groups in Okta?</P> Tue, 29 Apr 2025 21:37:18 GMT jaswanthwhoop 2025-04-29T21:37:18Z Prisma Access/Cloud Identity Engine with Okta IDP – Issue with Group Changes https://live.paloaltonetworks.com/t5/strata-cloud-manager/prisma-access-cloud-identity-engine-with-okta-idp-issue-with/m-p/1227698#M19 <P class="" data-start="49" data-end="138">&nbsp;</P> <P class="" data-start="140" data-end="646">We're encountering an issue when moving users between Okta groups. In the Cloud Identity Engine (CIE), we observe that the user's group membership updates correctly. However, the firewall is not reflecting this change; the user loses access permissions associated with both the new and the old groups. Additionally, firewall logs show the source user as their email ID instead of the expected format (<CODE data-start="541" data-end="566">okta\firstname.lastname</CODE>). As a result, security policies based on Okta groups aren't correctly applied.</P> <P class="" data-start="648" data-end="826">Could you advise on how to resolve this? Are there specific configuration settings we might have overlooked, or certain steps we must follow when reassigning user groups in Okta?</P> Tue, 29 Apr 2025 21:37:18 GMT https://live.paloaltonetworks.com/t5/strata-cloud-manager/prisma-access-cloud-identity-engine-with-okta-idp-issue-with/m-p/1227698#M19 jaswanthwhoop 2025-04-29T21:37:18Z