Cloud Identity Engine Directory Is Not Showing Sync In Prisma Access After Re-enabling A Previously Disabled Azure AD Admin Account

Created On 12/07/22 03:11 AM - Last Modified 07/24/23 15:52 PM


Symptom


  • The Cloud Identity Engine (CIE) directory does not show as in sync in Prisma Access.
  • The following events led to the "Out of sync" symptom:
    • An Azure AD admin creates an Enterprise Application in Azure AD to support Directory Sync.
    • Directory Sync is up and working.
    • The Azure AD admin account is disabled.
    • Some time later, the CIE directory shows out of sync.


Environment


  • Panorama-managed Prisma Access
  • Cloud-managed Prisma Access
  • Cloud Identity Engine (CIE) App on the Hub


Cause


The Azure AD admin account must be enabled for the CIE directory to be in sync.

Resolution


  1. Re-enable the Azure AD admin account.
  2. Once the Azure AD admin account is re-enabled, perform a 'Full Sync' under Hub > Cloud Identity Engine App > Directory Sync > Directories > Actions.


Additional Information


Cloud Identity Engine Feature Guide
