I'm excited to share that LIVEcommunity has two new dedicated areas: Cloud Identity Engine and SaaS Security.
Cloud Identity Engine
The new Cloud Identity Engine collects attributes from on-premise Active Directory (AD) or cloud-based Azure AD and stores them in a secure, cloud-based infrastructure. This allows Palo Alto Networks' cloud-based applications and services to access the directory information. The Cloud Identity Engine (CIE) consists of two components: Directory Sync, which provides user information, and Cloud Authentication Service (CAS), which authenticates users.
Activating the new Cloud Identity Engine can help move your organization towards Zero Trust. You will also save time and headaches in deployment and management of identity-based controls on your network security infrastructure using point-and-click configuration with real-time validation.
New features introduced for the Cloud Security Engine
Sync Directory Changes for Active Directory and Azure Active Directory
You can now synchronize only the recent changes to your on-premise Active Directory or Azure Active Directory. Syncing the changes takes much less time than syncing the entire directory. By default, the Cloud Identity Engine syncs changes every five minutes for these directory types.
Support for Identity Providers as a Single Source of User Authentication
The Cloud Identity Engine now supports the following identity providers (IdPs) for user authentication:
The Cloud Identity Engine provides support for other SAML 2.0-compliant IdPs in addition to these and supports multi-factor authentication (MFA) for Azure and Ping.
Integration with PAN-OS and Panorama
You can now integrate the Cloud Identity Engine with your Palo Alto Networks firewall or Panorama for a comprehensive identity solution. By configuring an Authentication profile on the firewall to use the Cloud Identity Engine for user authentication and the Cloud Identity Engine as an identity source, you can now both identify and authenticate your users.
Support for Germany (DE) Region
The Cloud Identity Engine now supports instances in the Germany (DE) region for customers who must store the data synced from their directories in this region to comply with data regulation requirements. For more information on how to configure this region, refer to Configure the Cloud Identity Agent in the Getting Started guide.