User-ID IP Mapping is not working with Jumpcloud LDAP
Symptom
User-ID IP mapping is not working with Jumpcloud LDAP
Environment
You may have followed the Jumpcloud KB article to integrate Jumpcloud LDAP with the Palo Alto firewall:
Configuring a Palo Alto Networks Firewall to use JumpCloud's LDAP-as-a-Service
Cause
The Jumpcloud LDAP integration with Palo Alto is used for authentication and feeding group-mapping information.
Jumpcloud cannot be used for User-ID IP mappings, as is the case for any LDAP service. The diagram on the User-ID Overview page shows the relationship between User-ID sources and what they feed into.
User-ID Overview (paloaltonetworks.com)
LDAP is a directory and typically does not contain the information required to generate an IP-to-user mapping.
When an agent integrates with an Active Directory source, for example, the agent queries security event logs on domain controllers to retrieve this information. Because Jumpcloud is not actually an Active Directory/Windows service and has no other means of sending this information, there is no way to generate an IP mapping from it.
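The difference between the two data sources, as an added illustration (not from the original article and not Palo Alto Networks' or Jumpcloud's code). The directory entries and logon records are constructed samples, the records are simplified from the TargetUserName and IpAddress fields of Windows Security event 4624, and all function names are hypothetical:

```python
from datetime import datetime

# Constructed directory entries, as an LDAP search would return them:
# identity and group membership, but no attribute holding a client IP.
LDAP_ENTRIES = [
    {"uid": "alice", "memberOf": ["cn=engineering,ou=groups,dc=example,dc=com"]},
    {"uid": "bob", "memberOf": ["cn=sales,ou=groups,dc=example,dc=com"]},
    {"uid": "carol", "memberOf": ["cn=engineering,ou=groups,dc=example,dc=com"]},
]

# Constructed, simplified logon records of the kind an agent reads from a
# domain controller's security log (4624 = logon, 4634 = logoff).
LOGON_EVENTS = [
    {"time": "2024-01-10T08:01:00", "event_id": 4624,
     "TargetUserName": "alice", "IpAddress": "10.0.0.15"},
    {"time": "2024-01-10T08:05:00", "event_id": 4624,
     "TargetUserName": "bob", "IpAddress": "10.0.0.22"},
    {"time": "2024-01-10T09:30:00", "event_id": 4624,
     "TargetUserName": "carol", "IpAddress": "10.0.0.15"},
    {"time": "2024-01-10T09:31:00", "event_id": 4634,
     "TargetUserName": "bob", "IpAddress": "-"},
]

def group_mapping(entries):
    """user -> group names: the part an LDAP directory can supply."""
    return {e["uid"]: [dn.split(",")[0].split("=", 1)[1]
                       for dn in e.get("memberOf", [])]
            for e in entries}

def ip_user_mapping(events):
    """ip -> most recent user: needs logon events, not directory data."""
    mapping = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ip = ev.get("IpAddress", "-")
        # Only logon events that carry a real source address are usable.
        if ev["event_id"] == 4624 and ip not in ("", "-"):
            mapping[ip] = ev["TargetUserName"]
    return mapping

def resolve(src_ip, ip_map, groups):
    """Identify the user behind a source IP, with their groups."""
    user = ip_map.get(src_ip)
    return None if user is None else (user, groups.get(user, []))

if __name__ == "__main__":
    groups = group_mapping(LDAP_ENTRIES)
    # LDAP only: no event source, so no IP can be tied to a user.
    print(resolve("10.0.0.22", ip_user_mapping([]), groups))
    # With a logon-event source, the same lookup succeeds.
    print(resolve("10.0.0.22", ip_user_mapping(LOGON_EVENTS), groups))
```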