09-22-2025 04:33 AM - edited 09-22-2025 06:42 AM
Hi,
We have some users authenticating with SAML (EntraID), but these users are not being identified in UIA. Is it possible to get the info in UIA and Palo about users authenticating in SAML?
Any idea or KB?
09-22-2025 07:41 AM
When you say that they're authenticating, do you mean that you're using SAML with Entra for something like GlobalProtect or an authentication policy, or authenticating to the device through a hybrid or Entra-joined endpoint? I'm going to assume the latter at the moment, and if that's the case, you'll want to look into Cloud Identity Engine, which handles this sort of thing.
09-23-2025 07:14 AM
Let me explain better.
We have devices that are not in the on-premises domain and are using Azure AD. Authentication is OK, but PA doesn't have the groups the users belong to since it's not recognised.
These devices connect to Wi-Fi and are validated with a Wi-Fi certificate (CISCO ISE). Once access to the Wi-Fi network is granted, they register with the UIA, and Palo Alto has the mapping for these users.
The problem is that some devices are not configured and attack Azure AD directly. These devices are not recognized by Palo Alto or the UIA and do not match the group rules (obviously).
The question is how Palo Alto and UIA can integrate with Azure AD to also access information about users who log in there and be able to create rules for groups.