topic Re: User-ID and Microsoft Entra ID Internal in General Topics

User-ID and Microsoft Entra ID Internal

AlexMcCreery — Sun, 01 Dec 2024 16:35:23 GMT

We recently setup our CIE to work with our Microsoft Entra ID so when on GlobalProtect, we can track users and their traffic.

We are now looking for solutions for a similar setup for internal users (not on GlobalProtect but on network). We are trying to avoid using direct AD access since Entra ID is our source of truth. I have seen a few options but wanted to see what others have setup. Any recommendations?

Re: User-ID and Microsoft Entra ID Internal

arusharma — Sun, 08 Dec 2024 06:49:21 GMT

For internal users also you can use CIE for group mapping. I don't know what exactly you are trying to achieve group mapping for internal users or user IP mapping. But once EntraID is integrated with CIE firewall can get the group mapping from CIE for internal users.

Re: User-ID and Microsoft Entra ID Internal

AlexMcCreery — Mon, 09 Dec 2024 02:35:06 GMT

I thought CIE was only for global protect and its configurations.

We are looking to get User-ID running so that we can make users to their traffic and create more specific rules.

So can we use CIE to map internal users to their traffic?

Re: User-ID and Microsoft Entra ID Internal

arusharma — Mon, 09 Dec 2024 02:56:42 GMT

CIE can be used for fetching group mapping and you can reference those groups in the security policy if needed. To see the users in traffic logs you need to have user IP mapping which can be done by GP for GP users but for internal users, you need to implement UIA or some other method mentioned in the article to learn those mappings. Check this: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/user-id/user-id-overview