Does Cloud Identity Engine have the functionality to learn user to IP mapping?
4564
Created On 08/31/22 14:19 PM - Last Modified 03/31/23 18:26 PM
Question
Does Cloud Identity Engine have the functionality of user to IP mapping?
Environment
- Palo Alto Firewalls.
- PAN-OS 10.1 and above.
- CIoud Identity Engine (CIE).
Answer
- CIE does not have the functionality to learn user to IP mapping
- The services that exists within CIE are for:
- SAML or certificate-based authentication via Cloud Authentication Service (CAS)
- Group mapping through Directory Sync.
- For group based policy enforcement, group mapping is only one element of the solution. ip-user mapping still needs to be learned from other supported methods available.