User-ID and Microsoft Entra ID Internal

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID and Microsoft Entra ID Internal

L0 Member

We recently setup our CIE to work with our Microsoft Entra ID so when on GlobalProtect, we can track users and their traffic.

 

We are now looking for solutions for a similar setup for internal users (not on GlobalProtect but on network). We are trying to avoid using direct AD access since Entra ID is our source of truth. I have seen a few options but wanted to see what others have setup. Any recommendations? 

3 REPLIES 3

L3 Networker

For internal users also you can use CIE for group mapping. I don't know what exactly you are trying to achieve group mapping for internal users or user IP mapping. But once EntraID is integrated with CIE firewall can get the group mapping from CIE for internal users. 

I thought CIE was only for global protect and its configurations. 

 

We are looking to get User-ID running so that we can make users to their traffic and create more specific rules. 

 

So can we use CIE to map internal users to their traffic?

CIE can be used for fetching group mapping and you can reference those groups in the security policy if needed. To see the users in traffic logs you need to have user IP mapping which can be done by GP for GP users but for internal users, you need to implement UIA or some other method mentioned in the article to learn those mappings. Check this: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/user-id/user-id-overview

 

  • 387 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!