What happens when there are untracked domains in the configuration?
Created On 12/10/24 01:17 AM - Last Modified 12/12/24 04:48 AM
Question
What happens when there are untracked domains in the configuration?
Environment
- Prisma Access
- Cloud Identity Engine (CIE) for Group mapping.
Answer
- Untracked domains are domains that appear in usernames or user groups in the configuration but are not configured in CIE (Cloud Identity Engine).
- CIE on Prisma Access retrieves users and groups from the connected directory based on the Prisma Access configuration (for example, security rules that reference users or groups).
- The domains used in the rules configuration are expected to be the same as the domains defined in the CIE integration.
- If the configuration contains untracked domains, this can result in unexpected User-ID behavior and errors on the CIE side.
- For example, CIE is integrated with a cloud directory and the domain defined is example.com. The security rules contain usernames in example.com and, in addition, usernames in company.com, which is not tracked by CIE.
- The errors and unexpected behavior can be fixed by removing the untracked domains from the configuration, followed by a push.
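One way to find untracked domains before a push is to compare every domain referenced by a rule's user or group fields against the set of domains defined in the CIE integration. The script below is an added example written for this article and is not a Palo Alto Networks tool or API. The rule list, the identifier formats it parses (`domain\name`, `name@domain`, and an LDAP distinguished name with `dc=` components), and the tracked-domain set are constructed for illustration; a real check would feed it rules exported from the Prisma Access configuration.

```python
import re
from collections import defaultdict

# Constructed sample: the domain(s) the CIE integration is configured to track.
CIE_TRACKED_DOMAINS = {"example.com"}

# Constructed sample rules. The identifier formats below are assumptions for
# illustration, not an export format taken from Prisma Access.
SAMPLE_RULES = [
    {"name": "allow-finance", "source_users": ["example.com\\finance-users"]},
    {"name": "allow-contractors", "source_users": ["jdoe@company.com", "example.com\\jsmith"]},
    {"name": "allow-eng", "source_users": ["cn=engineering,ou=groups,dc=corp,dc=company,dc=com"]},
    {"name": "allow-any-user", "source_users": ["any"]},
    {"name": "allow-known", "source_users": ["known-user"]},
]

# Keywords a User-ID rule can carry instead of a concrete user or group;
# they reference no domain and must not be reported.
SPECIAL_VALUES = {"any", "known-user", "unknown", "pre-logon"}


def extract_domain(identifier):
    """Return the lower-cased domain part of a user/group identifier, or None
    if the identifier carries no domain (keyword or bare name)."""
    ident = identifier.strip()
    if ident.lower() in SPECIAL_VALUES:
        return None
    if "\\" in ident:  # NetBIOS-style domain\name
        return ident.split("\\", 1)[0].lower()
    if ident.lower().startswith(("cn=", "ou=", "dc=")):  # LDAP distinguished name
        dcs = re.findall(r"dc=([^,]+)", ident, flags=re.IGNORECASE)
        return ".".join(dc.lower() for dc in dcs) if dcs else None
    if "@" in ident:  # UPN-style name@domain
        return ident.rsplit("@", 1)[1].lower()
    return None


def find_untracked_domains(rules, tracked_domains):
    """Map each domain referenced by a rule but absent from the CIE
    integration to the sorted list of rule names that reference it.
    Matching is exact: a sub-domain of a tracked domain is still untracked."""
    tracked = {d.lower() for d in tracked_domains}
    untracked = defaultdict(set)
    for rule in rules:
        for ident in rule.get("source_users", []):
            domain = extract_domain(ident)
            if domain is not None and domain not in tracked:
                untracked[domain].add(rule["name"])
    return {domain: sorted(names) for domain, names in untracked.items()}


if __name__ == "__main__":
    report = find_untracked_domains(SAMPLE_RULES, CIE_TRACKED_DOMAINS)
    if not report:
        print("No untracked domains found.")
    for domain, names in sorted(report.items()):
        print(f"untracked domain {domain}: referenced by {', '.join(names)}")
```

Run against the constructed sample, the check reports company.com (from allow-contractors) and corp.company.com (from allow-eng) as untracked; those rules would need their user references removed or corrected before the push.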