Prisma Access and LDAP Group Mapping with Directory Sync Agent


L0 Member


I'm trying to implement group-based policies in a standalone Prisma Access deployment. I'm working only with Prisma for Remote Networks. For this purpose I have enabled a Directory Sync Agent to retrieve groups from the LDAP server, but Prisma doesn't have a connection to Active Directory, so we don't have an LDAP Server Profile yet. I need to confirm whether it's necessary to configure an LDAP Server Profile and User-ID Agent to get group-based policies and user information in the reports, and whether it's possible to enable this through Directory Sync Service.


L2 Linker

Hi @kellysalinas1 


This should be possible to do without LDAP, and directory sync is going to pull the users/groups mapping based on what groups are configured in the security policy.

For the IP-user mapping, however, you might need a User-ID agent since it is a remote network and there is no GP.


Hope this helps,

