This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cloud Identity Engine Discussions
Cloud Identity Engine is the industry's first cloud-native identity synchronization and authentication service providing a single, secure user identity across Palo Alto Network's on-prem and cloud product lines.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cloud Identity Engine Discussions
Cloud Identity Engine is the industry's first cloud-native identity synchronization and authentication service providing a single, secure user identity across Palo Alto Network's on-prem and cloud product lines.
About Cloud Identity Engine Discussions
Cloud Identity Engine is the industry's first cloud-native identity synchronization and authentication service providing a single, secure user identity across Palo Alto Network's on-prem and cloud product lines.

Discussions

Start a conversation

Welcome to the Cloud Identity Engine Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2689 Views
  • 0 replies
  • 0 Likes

Cloud Identity Engine Directory Sync

I have Cloud Identity Engine synced to Azure AD and see both groups and users in the hub. I configured a firewall to use CIE, but it doesn't appear to be working. I can see the groups and select them in policies, but no users from those groups are seen on the firewall. "show user cloud-identity-engine client stat" shows groups, but they show as ...

Unabel to create SAML authentication type (Azure Entra ID) - error message "Cannot save auth profile"

Hello, I'm trying to setup PAN Cloud Identity agent but I don't seem to be able to save a SAML authentication type (Azure Entra ID) as I always get the "Cannot save auth profile" error message. I tried configuring the SAML authentication type using different ways but still getting the same error. Did anyone get the same issue? Thank you.

adcar77 by L0 Member
  • 2067 Views
  • 0 replies
  • 0 Likes

Resolved! Cloud Identity Engine

I am trying to get my Clould Identity Engine working on my firewall. I got the CIE up and running and I am syncing my Directories with Okta. But when I try to connect my CIE to the firewall via Device->User Identification->Cloud Identity Engine. I get the following error. "cloud-identity-engine-instance is invalid" Everything looks cor...

bpotts by L0 Member
  • 11038 Views
  • 3 replies
  • 1 Likes

Cloud Identity Engine - AAD

I am investigating Cloud Identity Engine for integration with Azure AD (Entra ID). I am trying to understand where CIE stores the data that it syncs from AAD (what the actual authentication flow looks like) so we can validate whether user data is going to a 3rd party provider such as Palo Alto.Also does CIE sync and cache user passwords when the...

zimmie67 by L0 Member
  • 4942 Views
  • 1 replies
  • 0 Likes

User-ID using Cloud identity engine with Azure AD

Hello All, We are in the process of configuring the Cloud Identity Engine with the directory sync features with Azure-AD to pool the users and the groups in order to applying role/group-based access control. Despite successfully completing several steps of the configuration process, we are experiencing difficulties with the application of poli...

BFC by L0 Member
  • 7078 Views
  • 1 replies
  • 0 Likes

Cortex XDR Cloud Identity Engine

We have planned the configuration of the Cortex XDR Cloud Identity Engine for our on-premises service. Could you please tell me whether the Cloud Identity Engine agent should be installed on the AD server or on a separate (NEW) server? What is the best method?

Cloud Identity Engine Group Mapping

It seems like guest users arent matching any groups with Cloud Identity Engine. We have SAML (Azure) setup for our GlobalProtect authentication (not throught Cloud Identity Engine). We have CIE configured on the firewall under user identification. The Cloud Identity Engine is configured to sync the Azure directory but if I look on the firewall u...

Claw4609 by L5 Sessionator
  • 9226 Views
  • 4 replies
  • 0 Likes

Cloud identity engine Azure domain SYNC is in progress

Hi Community, Good day! We have an issue with the cloud identity engine which sync is in progress for a long time in one of our azure directories. Unable to take any action like sync and sync all options. all of them are disabled. FYI: previously all domains are in sync status. Could you please advise how to solve the issue? Thanks ...

CIE Multiple Instances

Hi, I hope someone can help with this. I set up a new Cloud Identity Engine instance recently which has synced and looks good. However, I've noticed that there are two other instances that were set up under a Cortex demo licence some time ago (see attached). Is there any way I can remove the two unwanted instances without deleting the whole th...

Cloud Identity Engine doesn't show all known attributes

Hi everybody, I'm wondering why Cloud Identity Engine (CIE) doesn't show all attributes, that should be synchronized from Azure AD. AAD integration is correctly done, I can see all users in CIE, but when I open user detail, not all attributes are there. When I check user attributes configuration, than it looks ok and attributes in AAD are filled...

  • 39 Posts
  • 49 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks