Okta Directory - Collect Enterprise Applications

Hello guys,

What are the use-cases of "Collect Enterprise Applications" from Okta.  How, where, I can use those collected informations ?!! 

Using more than one CIE Agent

We installed the CIE Agent to send AD info to CIE. I recently discovered another team had deployed the Agent on another server, for the same domain. We *think* it is about this time we started not seeing group information in our XDR Assets and other

CIE agent not connecting to AD servers

We have installed the CIE agent on a Windows server 2022 standard.

We have configured it with all the necessary information. 

Certificate installed from CIE cloud.

The agent connects to CIE in cloud

It is not connecting to the AD servers. We have ver

Block O365/Azure Entra ID account with ITDR Module

Hello Community,

I need to block an O365/Azure Entra ID account using the Cortex ITDR Module due to suspicious login activity, but I can't find any manuals on how to do this. Any assistance would be greatly appreciated.

Thanks in advance, 

Best

Globalprotect login stuck in "Connecting" phase after successful authentication via Azure AD - CIE NOT USING COOKIE Solution

cookie solution will not be best practices very soon with the advancements of AI . Need a solution using the individual Device certificate and User certs or other recommendations. We are trying to harden our GP environment With at least TLS3 at a min

do CIE mappings timeout?

Dear community!

Does someone know if the user-group mappings learned from the CIE timeout if for instance the cloud becomes unavailable?

If there´s a timeout that refreshes the mappings, what could be a backup for this outage situations, having t

Welcome to the Cloud Identity Engine Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

Cloud Identity "disclaimer" on enabling service is not acceptable !!!

Why is Palo Alto stating the following disclaimer when enabling Cloud Identity on our Cloud  Instance?

This is not acceptable due to privacy and compliance concerns. 

What's the process for opting out of this?

trigger google directory full sync by API call or webhook?

Is there any way to trigger a full sync of a Google directory in CIE without a web browser?

My user deprovisioning is mostly automated (scripted) except for opening a web browser to go into CIE to do a full sync, somewhere between disabling the use

Cloud Identity Engine for On-Premises Global Protect

Has anyone used the Cloud Identity Engine for authentication for an on-prem Global Protect portal/gateway?

I'm experimenting with the CIE. It works great for admin login to the GUI, but I'm trying to set it up as an auth source for GP. It is working j

Redistribute group mappings?

Hi all, my CIE has all group information populated and I have Panorama and 3 firewalls. Can I integrate Panorama with CIE to pull down the group mapping information from CIE and then Panorama share/redistribute these group mappings with the 3 firewal

CIE and Panorama in different CSPs?

Hey there, scenario is CIE is in one Palo CSP and Panorama is in a different Palo CSP (the reason why is they are managed by different companies). Should Panorama be able to pull group mappings that exist in CIE, even though the two are in different

CIE Azure AD/Entra AD guest upn match Global Protect login user

I am trying to see how I can get the Cloud Identity Engine to match Global Protect SSO (Also from Azure AD/Entra) upn for the user.  I have a sister company that I have invite certain users in as external guests and added them to aad groups, which is

Cloud Identity Engine Directory Sync

I have Cloud Identity Engine synced to Azure AD and see both groups and users in the hub. I configured a firewall to use CIE, but it doesn't appear to be working. I can see the groups and select them in policies, but no users from those groups are se