07-01-2024 07:13 PM
Hey there, scenario is CIE is in one Palo CSP and Panorama is in a different Palo CSP (the reason why is they are managed by different companies). Should Panorama be able to pull group mappings that exist in CIE, even though the two are in different CSPs?
Thanks
DJ
07-02-2024 01:08 AM
Panorama will not be able to pull data from that particular CIE. When you create a new CIE link on Panorama, Panorama will connect up to the CSP to fetch all associated CIE instances so you can select which one to connect to (in case there's multiple in your CSP)
you can't connect to a CIE by some sort of identifier at this time
you can spin up a CIE instance and grant the other company access via common services > identity & access
07-02-2024 04:54 PM
Thank you so much for this. So we would "could" spin up a new CIE in CSP#2 and 'pull' the user info from the CIE in CSP#1 - is that right?
I would need to do some research to see what cost is associated with doing this if that is true.
07-09-2024 01:08 AM
the CIE needs to run in the same CSP account as the panorama for them to be able to communicate, but you can connect the CIE to any (and multiple) active directory
so if panorama is registered in CSP#1, the CIE needs to be in CSP#1
CIE is free
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
