Prepare to Deploy the Cloud Identity Engine


The Cloud Identity Engine consists of two components: Directory Sync, which provides user information, and the Cloud Authentication Service, which authenticates users. For a more comprehensive identity solution, Palo Alto Networks recommends using both components, but you can configure the components independently. 


The Cloud Authentication Service is a cloud-based service that authenticates users through SAML 2.0-based Identity Providers (IdPs). When a user attempts to authenticate, the authentication request is redirected to the Cloud Authentication Service, which redirects the request to the IdP. After the IdP authenticates the user, the firewall maps the user and applies the security policy. By using a cloud-based solution, you can reallocate the resources required for authentication from the firewall or Panorama to the cloud. The Cloud Authentication Service also lets you configure the authentication source once instead of separately for each authentication method you use (for example, Authentication Portal or administrator authentication).


Learn more here.

Last update: 06-04-2021 01:04 PM