New Cloud Identity Engine and SaaS Security Pages on LIVE

Community Team Member

Hello everyone,

I'm excited to share that LIVEcommunity has two new dedicated areas: Cloud Identity Engine and SaaS Security.

Cloud Identity Engine

The new Cloud Identity Engine collects attributes from on-premise Active Directory (AD) or cloud-based Azure AD and stores them in a secure, cloud-based infrastructure. This allows Palo Alto Networks' cloud-based applications and services to access the directory information. The Cloud Identity Engine (CIE) consists of two components: Directory Sync, which provides user information, and Cloud Authentication Service (CAS), which authenticates users.

 

Activating the new Cloud Identity Engine can help move your organization towards Zero Trust. You will also save time and headaches in deployment and management of identity-based controls on your network security infrastructure using point-and-click configuration with real-time validation.

 

New features introduced for the Cloud Security Engine*

| FEATURE | DESCRIPTION |
| --- | --- |
| Sync Directory Changes for Active Directory and Azure Active Directory | You can now synchronize only the recent changes to your on-premise Active Directory or Azure Active Directory. Syncing the changes takes much less time than syncing the entire directory. By default, the Cloud Identity Engine syncs changes every five minutes for these directory types. |
| Support for Identity Providers as a Single Source of User Authentication | The Cloud Identity Engine now supports the following identity providers (IdPs) for user authentication: Okta, Azure, Google, PingOne, PingFederate. The Cloud Identity Engine provides support for other SAML 2.0-compliant IdPs in addition to these and supports multi-factor authentication (MFA) for Azure and Ping. |
| Integration with PAN-OS and Panorama | You can now integrate the Cloud Identity Engine with your Palo Alto Networks firewall or Panorama for a comprehensive identity solution. By configuring an Authentication profile on the firewall to use the Cloud Identity Engine for user authentication and the Cloud Identity Engine as an identity source, you can now both identify and authenticate your users. |
| Support for Germany (DE) Region | The Cloud Identity Engine now supports instances in the Germany (DE) region for customers who must store the data synced from their directories in this region to comply with data regulation requirements. For more information on how to configure this region, refer to Configure the Cloud Identity Agent in the Getting Started guide. |

 

* Information reprinted from the Cloud Identity Engine Release Notes page.

 

Along with the new Engine, there is also a new Agent. This new Cloud Identity Agent—which is Directory Sync, rebranded—will allow you to integrate with the new Cloud Identity Engine. 

 

New features for the Cloud Identity Agent **

| FEATURE | DESCRIPTION | INTRODUCED IN AGENT VERSION |
| --- | --- | --- |
| TLS Security Enhancement | To strengthen the security of the Cloud Identity agent, the agent now uses the highest TLS version available on the host by default. | 1.7.0 |

 

** Information reprinted from the New Features Introduced for the Cloud Identity Agent page

 

SaaS Security

As our technology changes and adapts, so does the LIVEcommunity. We are happy to introduce you to the new SaaS Security pages inside the LIVEcommunity > Technologies drop down.  

[Image: New SaaS Security area on the Technologies drop down]

 

Inside this new area are SaaS Security discussions, articles, videos and additional resources.

 

[Image: New SaaS Security page on the LIVE > Technologies page]

We invite you to visit this new area to learn more about SaaS Security.

 

More Resources
To learn more about Cloud Identity, what it is and how to Set Up the Cloud Identity Engine, please check out the Cloud Identity techdocs page.

 

More details and screenshots of the Cloud Identity Engine can be found in the PAN-OS 10.1 New Features Guide about the Cloud Identity Engine.

 

For more information about Cloud Identity App or Service features, New Agent features, system requirements or known and addressed issues, please be sure to check out the Cloud Identity Engine Release Notes and the New Features Guide on Cloud Identity Engine.

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, and don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

1 Comment
L0 Member

Hi Palo Alto,

 

I have activated the Cloud Identity Engine. However, while assigning the role in Hubs -> Access Management, the field shows grayed out. I am the Instance Admin and have all the access. Any specific things I need to complete before this? Kindly help.
