CIE and Panorama in different CSPs?

Hey there, scenario is CIE is in one Palo CSP and Panorama is in a different Palo CSP (the reason why is they are managed by different companies). Should Panorama be able to pull group mappings that exist in CIE, even though the two are in different

Redistribute group mappings?

Hi all, my CIE has all group information populated and I have Panorama and 3 firewalls. Can I integrate Panorama with CIE to pull down the group mapping information from CIE and then Panorama share/redistribute these group mappings with the 3 firewal

CIE Azure AD/Entra AD guest upn match Global Protect login user

I am trying to see how I can get the Cloud Identity Engine to match Global Protect SSO (Also from Azure AD/Entra) upn for the user.  I have a sister company that I have invite certain users in as external guests and added them to aad groups, which is

Cloud Identity Engine Directory Sync

I have Cloud Identity Engine synced to Azure AD and see both groups and users in the hub. I configured a firewall to use CIE, but it doesn't appear to be working. I can see the groups and select them in policies, but no users from those groups are se

Unabel to create SAML authentication type (Azure Entra ID) - error message "Cannot save auth profile"

Hello,

I'm trying to setup PAN Cloud Identity agent but I don't seem to be able to save a SAML authentication type (Azure Entra ID) as I always get the "Cannot save auth profile" error message. I tried configuring the SAML authentication type using

Cloud Identity Engine - AAD

I am investigating Cloud Identity Engine for integration with Azure AD (Entra ID). I am trying to understand where CIE stores the data that it syncs from AAD (what the actual authentication flow looks like) so we can validate whether user data is goi

User-ID using Cloud identity engine with Azure AD

Hello All,

We are in the process of configuring the Cloud Identity Engine with the directory sync features with Azure-AD to pool the users and the groups in order to applying role/group-based access control. Despite successfully completing several

Cortex XDR Cloud Identity Engine

We have planned the configuration of the Cortex XDR Cloud Identity Engine for our on-premises service. Could you please tell me whether the Cloud Identity Engine agent should be installed on the AD server or on a separate (NEW) server? What is the be

Global protect ,Migrate from one CIE to another,

we are looking to migrate from one Cloud identity to another,

is it possible to run 2 CIE simultaneous  or does it have to be a bang migration process.

cortex xdr Cloud identity engine configuration query

Hello Team,

We have planned Cortex XDR Cloud Identity Engine configuration for our on-premises service. Could you please provide a list of the URLs and ports that should be configured on our firewalls?

Cloud Identity Engine Group Mapping

It seems like guest users arent matching any groups with Cloud Identity Engine. We have SAML (Azure) setup for our GlobalProtect authentication (not throught Cloud Identity Engine). We have CIE configured on the firewall under user identification. Th

Cloud identity engine Azure domain SYNC is in progress

Hi Community,

Good day!

We have an issue with the cloud identity engine which sync is in progress for a long time in one of our azure directories. 

Unable to take any action like sync and sync all options. all of them are disabled.

FYI: previ

CIE Multiple Instances

Hi, I hope someone can help with this. I set up a new Cloud Identity Engine instance recently which has synced and looks good. However, I've noticed that there are two other instances that were set up under a Cortex demo licence some time ago (see at