Cloud identity engine Azure domain SYNC is in progress

Hi Community,

Good day!

We have an issue with the cloud identity engine which sync is in progress for a long time in one of our azure directories. 

Unable to take any action like sync and sync all options. all of them are disabled.

FYI: previ

CIE Multiple Instances

Hi, I hope someone can help with this. I set up a new Cloud Identity Engine instance recently which has synced and looks good. However, I've noticed that there are two other instances that were set up under a Cortex demo licence some time ago (see at

how to view cloud identy engine logs on cortex

recenty sync cloud identity engine  how to view the logs on cortex console

Directory Sync agent & Google LDAP

Is there any way to Sync Google LDAP using the Directory Sync agent? Now we've all users and groups in Google Directory and we can't integrate it with Prisma Access. 

Cloud Identity Engine doesn't show all known attributes

Hi everybody,

I'm wondering why Cloud Identity Engine (CIE) doesn't show all attributes, that should be synchronized from Azure AD.

AAD integration is correctly done, I can see all users in CIE, but when I open user detail, not all attributes are the

What is source of SSO and how to stop it

Domain joined PC, ADFS in environment, Hybrid Azure AD setup, Authentication policy o n Palo setup to use CIE(Cloud Identity Engine) with identities synced from Azure AD and On-Prem AD

When ever I am clearing user ip mapping from the cache and try to

CIE queries

Trying to setup and test Cloud Identity Engine.

CIE is only synced with Azure AD right now

On-prem AD is not yet setup to sync to CIE

1. Source user allowed in policy is user@abc.com , Why the log shows abc\user ???
2. Since Identities are synced to Azu

Cloud Identity Engine Azure AD as a service

I am confused about Cloud Identity,, on how and what to use for Azure AD as a service to map IP's to username when users login to Azure AD from their surface device.  

Failed to save "PhoNATt". - NAT extension cannot be enabled for the device having support for nat policy.

We have ION 2K device and unable to enable the NAT policies in this device after upgrading it to 5.4.13 ION version. Getting the following error, I am not sure how to enable it but there might be an issue with stack configuration as of now it is defa

Free Cloud Identity Engine (CIE) training!

At Palo Alto Beacon there is a grat learning called "Identity at Palo Alto Networks" for this that can be checked.

https://beacon.paloaltonetworks.com/student/catalog

Also live community youtube channel has some usefull stuff:

https://www.youtu

Cloud Identity Engine for On-Premises Global Protect

Has anyone used the Cloud Identity Engine for authentication for an on-prem Global Protect portal/gateway?

I'm experimenting with the CIE. It works great for admin login to the GUI, but I'm trying to set it up as an auth source for GP. It is working j

CIE Free?

Is ClE free or subscription based? 

Are there any limitation on how many groups it can sync?

Administrator CLI access via Cloud Identity Engine

Hi Experts

“Administrators can use SAML to authenticate to the firewall or Panorama web interface but not to the CLI”, as mentioned in the PAN-OS administrator documentation.

Can we use the Cloud Identity Engine instead to authenticate administrat

Why should customers use Cloud Identity Engine and User-ID on the firewall for identity-based security?

Cloud IAM vendors are meant for Identities (managing users and groups), but they do not enforce security policies on these identities as they are not a firewall. With PANW, our customers can authenticate using groups/users in these Cloud IdPs and enf

How is the cloud Identity Engine different from other IAM vendors (e.g., Okta or Ping or Azure AD)?

Cloud Identity Engine is a broker service and not IAM. It collects user and group information from multiple IAM vendors—like Okta Ping, and similar platforms—making the info uniformly available across all firewalls. Customers will continue to leverag