Cloud Identity Engine Azure AD as a service


L3 Networker

I am confused about Cloud Identity, on how and what to use for Azure AD as a service to map IPs to usernames when users log in to Azure AD from their Surface device.

1 REPLY 1

L6 Presenter

Basically you are using a SAML IdP, that is the Azure AD, and the Cloud Identity Engine is the SAML SP; it gets the Azure data like user and AD group, email address etc. from the Azure AD after the user authenticates on it, like SAML assertions that are inserted in the user browser request after the Azure AD authenticates the user and returns them to Prisma Access 🙂


After you have registered the application that will be used for SAML in the Azure AD portal, you can even select what data will be returned to Prisma Access:


Also, as a bonus, you can add SCIM for extra sync between Azure AD and CIE, as SAML is too static: if you block a user on Azure AD it will take time before he is blocked on Prisma Access, but SCIM solves this.


https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/choose-direct...
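As an added illustration of the reply's point that the SP receives the user, group and e-mail data inside the SAML assertion, the snippet below parses a constructed Azure AD-style assertion and applies the audience and validity-window checks an SP performs before mapping the user. This is example code, not Palo Alto Networks' or Microsoft's; the tenant ID, SP audience URL and group object IDs are constructed placeholders.

```python
"""Extract and check the identity attributes carried in a SAML 2.0 assertion.
Added example, not Palo Alto Networks or Microsoft code; the issuer tenant,
SP audience and group object IDs below are constructed placeholders."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Claim URIs Azure AD uses by default for e-mail and for group membership.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2022-11-09T10:00:00Z">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2022-11-09T09:55:00Z" NotOnOrAfter="2022-11-09T11:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>GROUP-OBJECTID-1</saml:AttributeValue>
      <saml:AttributeValue>GROUP-OBJECTID-2</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC ISO 8601 with a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def extract_identity(xml_text):
    """Return the user, e-mail and groups an SP would map from the assertion."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): [v.text for v in a.findall(SAML + "AttributeValue")]
             for a in root.iter(SAML + "Attribute")}
    return {"user": root.findtext(f"{SAML}Subject/{SAML}NameID"),
            "email": attrs.get(EMAIL_CLAIM, [None])[0],
            "groups": attrs.get(GROUPS_CLAIM, [])}

def conditions_ok(xml_text, expected_audience, now_iso):
    """Accept the assertion only inside its validity window and only if addressed
    to this SP; the XML signature must be verified before any attribute is trusted."""
    root = ET.fromstring(xml_text)
    cond = root.find(SAML + "Conditions")
    audiences = {a.text for a in cond.iter(SAML + "Audience")}
    now = _ts(now_iso)
    in_window = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    return in_window and expected_audience in audiences
```

Note that a real SP rejects an assertion whose audience or validity window does not match even when the attributes look correct, which is why both checks run on the whole document rather than on the extracted values.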
