Cloud Identity Engine Discussions

do CIE mappings timeout?

Dear community!

Does someone know if the user-group mappings learned from the CIE timeout if for instance the cloud becomes unavailable?

If there´s a timeout that refreshes the mappings, what could be a backup for this outage situations, having t

Welcome to the Cloud Identity Engine Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

Cloud Identity "disclaimer" on enabling service is not acceptable !!!

Why is Palo Alto stating the following disclaimer when enabling Cloud Identity on our Cloud  Instance?

This is not acceptable due to privacy and compliance concerns. 

What's the process for opting out of this?

trigger google directory full sync by API call or webhook?

Is there any way to trigger a full sync of a Google directory in CIE without a web browser?

My user deprovisioning is mostly automated (scripted) except for opening a web browser to go into CIE to do a full sync, somewhere between disabling the use

Cloud Identity Engine for On-Premises Global Protect

Has anyone used the Cloud Identity Engine for authentication for an on-prem Global Protect portal/gateway?

I'm experimenting with the CIE. It works great for admin login to the GUI, but I'm trying to set it up as an auth source for GP. It is working j

Redistribute group mappings?

Hi all, my CIE has all group information populated and I have Panorama and 3 firewalls. Can I integrate Panorama with CIE to pull down the group mapping information from CIE and then Panorama share/redistribute these group mappings with the 3 firewal

Okta Directory - Collect Enterprise Applications

Hello guys,

What are the use-cases of "Collect Enterprise Applications" from Okta.  How, where, I can use those collected informations ?!! 

CIE and Panorama in different CSPs?

Hey there, scenario is CIE is in one Palo CSP and Panorama is in a different Palo CSP (the reason why is they are managed by different companies). Should Panorama be able to pull group mappings that exist in CIE, even though the two are in different

CIE Azure AD/Entra AD guest upn match Global Protect login user

I am trying to see how I can get the Cloud Identity Engine to match Global Protect SSO (Also from Azure AD/Entra) upn for the user.  I have a sister company that I have invite certain users in as external guests and added them to aad groups, which is

Cloud Identity Engine Directory Sync

I have Cloud Identity Engine synced to Azure AD and see both groups and users in the hub. I configured a firewall to use CIE, but it doesn't appear to be working. I can see the groups and select them in policies, but no users from those groups are se

Unabel to create SAML authentication type (Azure Entra ID) - error message "Cannot save auth profile"

Hello,

I'm trying to setup PAN Cloud Identity agent but I don't seem to be able to save a SAML authentication type (Azure Entra ID) as I always get the "Cannot save auth profile" error message. I tried configuring the SAML authentication type using

Cloud Identity Engine - AAD

I am investigating Cloud Identity Engine for integration with Azure AD (Entra ID). I am trying to understand where CIE stores the data that it syncs from AAD (what the actual authentication flow looks like) so we can validate whether user data is goi