User-ID using Cloud identity engine with Azure AD

Hello All,

We are in the process of configuring the Cloud Identity Engine with the directory sync features with Azure-AD to pool the users and the groups in order to applying role/group-based access control. Despite successfully completing several

Cortex XDR Cloud Identity Engine

We have planned the configuration of the Cortex XDR Cloud Identity Engine for our on-premises service. Could you please tell me whether the Cloud Identity Engine agent should be installed on the AD server or on a separate (NEW) server? What is the be

Global protect ,Migrate from one CIE to another,

we are looking to migrate from one Cloud identity to another,

is it possible to run 2 CIE simultaneous  or does it have to be a bang migration process.

cortex xdr Cloud identity engine configuration query

Hello Team,

We have planned Cortex XDR Cloud Identity Engine configuration for our on-premises service. Could you please provide a list of the URLs and ports that should be configured on our firewalls?

Cloud Identity Engine Group Mapping

It seems like guest users arent matching any groups with Cloud Identity Engine. We have SAML (Azure) setup for our GlobalProtect authentication (not throught Cloud Identity Engine). We have CIE configured on the firewall under user identification. Th

Cloud identity engine Azure domain SYNC is in progress

Hi Community,

Good day!

We have an issue with the cloud identity engine which sync is in progress for a long time in one of our azure directories. 

Unable to take any action like sync and sync all options. all of them are disabled.

FYI: previ

CIE Multiple Instances

Hi, I hope someone can help with this. I set up a new Cloud Identity Engine instance recently which has synced and looks good. However, I've noticed that there are two other instances that were set up under a Cortex demo licence some time ago (see at

how to view cloud identy engine logs on cortex

recenty sync cloud identity engine  how to view the logs on cortex console

Directory Sync agent & Google LDAP

Is there any way to Sync Google LDAP using the Directory Sync agent? Now we've all users and groups in Google Directory and we can't integrate it with Prisma Access. 

Cloud Identity Engine doesn't show all known attributes

Hi everybody,

I'm wondering why Cloud Identity Engine (CIE) doesn't show all attributes, that should be synchronized from Azure AD.

AAD integration is correctly done, I can see all users in CIE, but when I open user detail, not all attributes are the

What is source of SSO and how to stop it

Domain joined PC, ADFS in environment, Hybrid Azure AD setup, Authentication policy o n Palo setup to use CIE(Cloud Identity Engine) with identities synced from Azure AD and On-Prem AD

When ever I am clearing user ip mapping from the cache and try to

CIE queries

Trying to setup and test Cloud Identity Engine.

CIE is only synced with Azure AD right now

On-prem AD is not yet setup to sync to CIE

1. Source user allowed in policy is user@abc.com , Why the log shows abc\user ???
2. Since Identities are synced to Azu

Cloud Identity Engine Directory Sync

I have Cloud Identity Engine synced to Azure AD and see both groups and users in the hub. I configured a firewall to use CIE, but it doesn't appear to be working. I can see the groups and select them in policies, but no users from those groups are se

Cloud Identity Engine Azure AD as a service

I am confused about Cloud Identity,, on how and what to use for Azure AD as a service to map IP's to username when users login to Azure AD from their surface device.  

Failed to save "PhoNATt". - NAT extension cannot be enabled for the device having support for nat policy.

We have ION 2K device and unable to enable the NAT policies in this device after upgrading it to 5.4.13 ION version. Getting the following error, I am not sure how to enable it but there might be an issue with stack configuration as of now it is defa