08-24-2022 12:50 PM
I am confused about Cloud Identity,, on how and what to use for Azure AD as a service to map IP's to username when users login to Azure AD from their surface device.
11-09-2022 01:55 AM
Basically you are using SAML IdP that is the Azure AD and the cloud identity engine is the SAML SP and it gets the Azure data like user and ad group , email address etc. from the Azure AD after the user authenticates on it like SAML assertions that are insterted in the User browser request after the Azure AD authenticates the user and returns them to Prisma Acccess 🙂
After you have registered the Application that will be used for SAML in the Azure AD portal you can even select what data will be returned to Prisma Access:
Also you can add as a bonus SCIM for extra sync between Azure AD and CIE as SAML is too static and if you block a user on Azure AD it will take time before he is blocked on the Prisma Access but SCIM solves this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!