topic Re: Migrate the active directory services from onpremise to EntraID (Azure), in General Topics https://live.paloaltonetworks.com/t5/general-topics/migrate-the-active-directory-services-from-onpremise-to-entraid/m-p/602070#M119810 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a>&nbsp;,</P> <P>&nbsp;</P> <P>Hope you’re doing well! The User-ID Agent isn’t compatible with Azure AD because it relies on traditional LDAP. I recommend looking into&nbsp;<A href="https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/get-started-with-the-cloud-identity-engine/learn-about-the-cloud-identity-engine#id3f7f173a-ab4b-4040-b82e-86944d8b769b" target="_self">Cloud Identity Engine (CIE).&nbsp;</A>You can link directly to Azure AD for group membership. Then you can use&nbsp;SAML&nbsp;for auth and implement captive portal or GP internal gateway to collect user attributes. If you and your org can swing it, setting up an internal gw is a solid choice. If not, captive portal has less overhead.&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps! Feel free to PM me if you'd like to talk more in depth about it.&nbsp;</P> <P>&nbsp;</P> Wed, 16 Oct 2024 18:46:58 GMT JayGolf 2024-10-16T18:46:58Z Migrate the active directory services from onpremise to EntraID (Azure), https://live.paloaltonetworks.com/t5/general-topics/migrate-the-active-directory-services-from-onpremise-to-entraid/m-p/599876#M119263 <P>Hello team</P> <P>We want to migrate active directory services from onpremise to EntraID (Azure), how can we integrate the UserAgent in Palo Alto?</P> <P>&nbsp;</P> <P>Greetings</P> Wed, 09 Oct 2024 11:29:17 GMT https://live.paloaltonetworks.com/t5/general-topics/migrate-the-active-directory-services-from-onpremise-to-entraid/m-p/599876#M119263 Alpalo 2024-10-09T11:29:17Z Re: Migrate the active directory services from onpremise to EntraID (Azure), https://live.paloaltonetworks.com/t5/general-topics/migrate-the-active-directory-services-from-onpremise-to-entraid/m-p/602070#M119810 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a>&nbsp;,</P> <P>&nbsp;</P> <P>Hope you’re doing well! The User-ID Agent isn’t compatible with Azure AD because it relies on traditional LDAP. I recommend looking into&nbsp;<A href="https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/get-started-with-the-cloud-identity-engine/learn-about-the-cloud-identity-engine#id3f7f173a-ab4b-4040-b82e-86944d8b769b" target="_self">Cloud Identity Engine (CIE).&nbsp;</A>You can link directly to Azure AD for group membership. Then you can use&nbsp;SAML&nbsp;for auth and implement captive portal or GP internal gateway to collect user attributes. If you and your org can swing it, setting up an internal gw is a solid choice. If not, captive portal has less overhead.&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps! Feel free to PM me if you'd like to talk more in depth about it.&nbsp;</P> <P>&nbsp;</P> Wed, 16 Oct 2024 18:46:58 GMT https://live.paloaltonetworks.com/t5/general-topics/migrate-the-active-directory-services-from-onpremise-to-entraid/m-p/602070#M119810 JayGolf 2024-10-16T18:46:58Z